Sudo and smitty


 
Thread Tools Search this Thread
Operating Systems AIX Sudo and smitty
# 1  
Old 06-10-2009
Sudo and smitty

Hello everyone

I have a question.

Its possible to type smitty mksysb using sudo ?

I have a partition and install sudo I create a user for use sudo.

I make a test with sudo and command line for the mksysb and its ok

sudo mksysb -i /dev/rmt0 and I can make my mksysb.


My question is if I can use smitty mksysb using sudo



Thanks for your comments
# 2  
Old 06-13-2009
Yes, you could do so but it would be VERY UNWISE to do it: sudo starts a shell (as root) and executes your command in it, then the shell is closed again. Suppose you do a "sudo ls -l": sudo opens a shell as root in this shell "ls" is executed under root privileges, then "ls" terminates, then the root shell terminates.

Now suppose you start a command which doesn't end immediately but is an interactive program like "ksh" or "smit": instead of doing its work it will expect the user to enter commands, which will be executed as - root, of course! The same is true for SMITty: start SMITty via sudo as root, use the "open shell" facility and you are root in this shell.

This means: if you allow anybody to use an interactive program via sudo you could also allow him to su to root directly. In effect it is the same.

I hope this helps.

bakunin

Corollary: i once worked in a bank where the "security department" (trained monkeys with a jargon file learned by heart) had insisted on using sudo for virtually every task. Additionally several files were only read/write for root and these files had to be edited sometimes. For this they set up a sudo-command like "vi /path/to/some/file". I simply used this command, did a shell escape from the vi - and had a root shell for my convenience. They are still wondering how i could advise them about their configuration problems (they had a lot) without having any access to the machine while their own administrators being root were still analysing.

It's so easy when you're evil.... Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Smitty

Hi All, Im new in aix, anyone can advice is there any way to understand smitty ?:confused: Thanks. TCP. (4 Replies)
Discussion started by: tcp01315
4 Replies

2. AIX

Usage of smitty alt_mksysb

Hello, in which situations should I use smitty alt_mksysb ? What is the general purpose of this tool. Thanks for help, p (1 Reply)
Discussion started by: pitmod
1 Replies

3. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

4. AIX

Cannot create user using SMITTY

i'm using smitty to create user...what happen is it prompt me "failed" with error 3004-703 Check "/etc/security/login.cfg" file. 3004-691 Error changing "shell". 3004-703 Check "/usr/lib/security/mkuser.default" file. 3004-721 Could not create user. 3004-703 Check... (13 Replies)
Discussion started by: thecobra151
13 Replies

5. AIX

smitty mktcpip --> START Now

In "smitty mktcpip", the last item you can change is the "START Now". Does any one change this to "yes" when setting the IP? If so, what agrument would you use to convice others to use it also? (1 Reply)
Discussion started by: kah00na
1 Replies

6. HP-UX

command that is equivalent to smitty in IBM.

i need to change OS level parameter like number of user how to change system environment variable ??? equivalent to smitty in IBM (1 Reply)
Discussion started by: oracle_rajesh_k
1 Replies

7. AIX

Question about Smitty Fs (backup an F.S)

hi all:cool: was just wonderin..by the way im new here..hi all:D...was just wonderin if i smitty fs backup a file system to tape if the permissions and ownership of the files and dir are retained?:confused: o.s is AIX 5.3L thanks all (12 Replies)
Discussion started by: redmanshogun
12 Replies

8. AIX

mksysb with smitty

Hello I need to make a mksysb, I try with smitty but I get the next message 0512-017 mksysb: Cannot write to the device /dev/rmt3. Either write protected or in use. My tape are ready to write ( dont get protection) I use the clean tape and I try with other tapes but I... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies

9. AIX

change ip in aix not using smitty

I want to change my ip by not using smitty, could please help me and what to edit files. So that everytime i will restart my server it will not change. (10 Replies)
Discussion started by: kenshinhimura
10 Replies

10. AIX

Interesting SMITTY behavior

I have a couple systems that are acting strangely. In 'smitty tcpip' everything is displayed twice. Even going into the submenus (like minimum configuration and startup) everything is displayed twice. Has anyone seen this? Know how to fix it? Thanks (3 Replies)
Discussion started by: pmmill2
3 Replies
Login or Register to Ask a Question