Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Powerbroker policy file advice needed
Top Forums UNIX for Dummies Questions & Answers Powerbroker policy file advice needed Post 74768 by yvs24 on Monday 13th of June 2005 11:25:01 AM
Old 06-13-2005
Powerbroker policy file advice needed
I have a requirement to be able to issue selected commands with root privileges but don't have the ability to su to root due to audit requirements dictating that only our UNIX SA's have that feature.

I was told that Powerbroker would allow me to run the commands as root but our security people don't seem to be able to configure it such that it works.

I need to be able to issue the following as root

/usr/lpp/bin/cicscp -v start region cics1

It seems to be the parameters following the command that give our security people the problems.

Do any of you UNIX experts know if it would be possible to configure Powerbroker to run the command with parameters as shown above ?
 

10 More Discussions You Might Find Interesting

1. Linux

programming advice needed....

i'm a grad student taking a UNIX course and a networks course (i have a background in C++ and JAVA). i'm trying to combine the two classes. My questions stems from a networks programming homework assignment below: "Using the operating system and language of your choice, develop a program to... (5 Replies)
Discussion started by: trostycp
5 Replies

2. Solaris

Storage hardware - advice needed

I realise this is an odd request - but I need advice please.. I have two server - in different geographical locations.. The have 2 local 72gb disks which are mirrored. I need to get storage added to increase both to 300gb in total each and this needs to be mirrored in case of failure. The... (2 Replies)
Discussion started by: frustrated1
2 Replies

3. Shell Programming and Scripting

eval problem.. advice needed!

Hi I need some major help with eval I have a statement using eval: read input eval variable$input=”something” Now I want to use the “variable$input” in some commands but I don't know how to call it without replacing the $input with the command line value (which I obviously can't do). ... (1 Reply)
Discussion started by: Cactus Jack
1 Replies

4. Filesystems, Disks and Memory

LVM resizing advice needed

Hi I have a CentOS 5 server with LVM. / and /home are low on disk space. I have ~12Gb available on /usr I plan to resize /usr and add the available space to the other 2 partitions. Please advice me on any precautions I need to take. Any problem if you have faced doing similar stuff and... (0 Replies)
Discussion started by: yunusyb
0 Replies

5. Programming

urgent advice needed - gcc

what does the statement : static char a = "a"; store in the executable image. ?? I need to make a command line parameter exist AFTER the program finishes execution.. so that when i run the code next time ( without recompiling ).. i can work with the paramter.. for example: ... (5 Replies)
Discussion started by: a.k.aFireknight
5 Replies

6. Shell Programming and Scripting

'for' loop advice needed ....!!

/usr/sbin/ifconfig -a | grep "inet" | grep -v "inet6" | grep -v "127.0.0.1" | grep -v "0.0.0.0"|grep -v "192.168.100.2" | awk '{print $2}' I use above command to get IP addresses on AIX boxes.Values coming here are set to a variable "Host IPs.IP Addresses" in my fingerprinting engine. ... (4 Replies)
Discussion started by: ak835
4 Replies

7. UNIX for Advanced & Expert Users

'for' loop advice needed....!!

Scenario: Command used to capture IPs on a host: /usr/sbin/ifconfig -a | grep "inet" | egrep -v "inet6|0.0.0.0|192.168.100.2" | awk '{print $2}' Following for loop used to capture interface names: for INTERFACE in `/usr/sbin/ifconfig -a | nawk '$1 ~ /:$/ && $1 {sub(":$", "", $1); print... (3 Replies)
Discussion started by: ak835
3 Replies

8. Linux

Scripting advice needed

Evening all, Im trying to get a script that will: Select the most 3 recent files in a specific directory Run a command on them (like chmod) Ask of you would like to continue Copy the files to another directory If a linux guru could help me out, it would be very much appreciated. Thanks... (2 Replies)
Discussion started by: Wiggins
2 Replies

9. UNIX for Dummies Questions & Answers

Issue with ACL's (Help/Advice Needed)

Hi Experts,,, Need your help/advice on how to fix this I have 2 users under same group (primary group) and i want to give 777 permissions on a directory to one dir owned by user1 when granted i can see than from getfacl but when i actually login as user2 i can touch a file . ... (3 Replies)
Discussion started by: maddyfreaks1
3 Replies

10. Solaris

Solaris Study Advice Needed

I just have a question regarding learning Solaris, I have a Linux and AIX background and I would like to learn Solaris, I have been giving some Solaris 10 Study Guides and just wondered how relevant they would be to Solaris 11 or should I try and get some study materials which are targeted towards... (1 Reply)
Discussion started by: markmorris182mx
1 Replies

LEARN ABOUT MINIX

profiles

profiles(1)															       profiles(1)

NAME

       profiles - print execution profiles for a user

SYNOPSIS

       profiles [-l] [ user ...]

       The  profiles  command  prints  on standard output the names of the execution profiles that have been assigned to you or to the optionally-
       specified user or role name. Profiles are a bundling mechanism used to enumerate the commands and authorizations needed to perform  a  spe-
       cific  function.  Along	with  each  listed executable are the process attributes, such as the effective user and group IDs, with which the
       process runs when started by a privileged command interpreter. The profile shells are pfcsh, pfksh, and pfexec. See the pfexec(1) man page.
       Profiles can contain other profiles defined in prof_attr(4).

       Multiple  profiles can be combined to construct the appropriate access control. When profiles are assigned, the authorizations are added to
       the existing set. If the same command appears in multiple profiles, the first occurrence, as determined by the ordering of the profiles, is
       used for process-attribute settings. For convenience, a wild card can be specified to match all commands.

       When profiles are interpreted, the profile list is loaded from user_attr(4). If any default profile is defined in /etc/security/policy.conf
       (see policy.conf(4)), the list of default profiles are added to the list loaded from user_attr(4). Matching entries in prof_attr(4) provide
       the authorizations list, and matching entries in exec_attr(4) provide the commands list.

       The following options are supported:

       -l	Lists the commands in each profile followed by the special process attributes such as user and group IDs.

       Example 1: Sample Output

       The output of the profiles command has the following form:

       example% profiles tester01 tester02
       tester01 : Audit Management, All Commands
       tester02 : Device Management, All Commands
       example%

       Example 2: Using the list Option

       example% profiles -l tester01 tester02
       tester01 :
	   Audit Management:
	     /usr/sbin/audit	      euid=root
	     /usr/sbin/auditconfig    euid=root    egid=sys
	   All Commands:
	     *
       tester02 :
	   Device Management:
	     /usr/bin/allocate:       euid=root
	     /usr/bin/deallocate:     euid=root
	   All Commands
	     *
       example%

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

       /etc/security/exec_attr

       /etc/security/prof_attr

       /etc/user_attr

       /etc/security/policy.conf

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

       auths(1), pfexec(1), roles(1), getprofattr(3SECDB), exec_attr(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

								    11 Feb 2000 						       profiles(1)
All times are GMT -4. The time now is 05:10 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy