exec_attr permission for whole directory


 
07-29-2010

Hi friends,

I would like to grant a management capability for a specific application to my user test. The application is installed under /opt/myApp and has startup and management scripts under the directories bin and sbin. This application is installed by root and can be managed by root. For security considerations, we would like to disable switching to the root user in order to start/stop this application. So I assigned the built-in profile "System Administrator" to user test. I gave all permissions to user test with setfacl for /opt/myApp. But it's not enough to run the application as root. So I added some lines to the /etc/security/exec_attr file as follows:

System Administrator:suser:cmd:::/opt/myApp/sbin/startup.sh:uid=0;euid=0;privs=all

...

including all executables under the directory.

Now I can run the script with the pfexec command. However, some scripts are failing with library errors. As I discovered through the scripts, executables under the directory are calling other scripts from various directories. My question is:

Is there a way to enable a user to run a script that calls other scripts, with root privileges, by entering a single entry in exec_attr that indicates the main script?

This way, it will look like: my main script will spawn a new shell with root privileges and all scripts will be able to run successfully.

Thanks,
Niyazi
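
As an added example (not part of the original post): a small auditor for the seven-field exec_attr(4) format used in the entry above. It flags entries that run as uid 0, entries whose path ends in the `*` wildcard that exec_attr(4) accepts for a whole directory, and `privs=` attributes under the `suser` policy, which recognizes only the uid/gid attributes. The function names and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit exec_attr(4) entries. Each entry has seven fields:
#   name:policy:type:res1:res2:id:attr
audit_exec_attr() {
    awk -F: '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
    NF < 7 { printf "%d MALFORMED fields=%d\n", NR, NF; next }
    {
        policy = $2; id = $6; root = 0; privs = ""
        n = split($7, kv, ";")                    # attr is a ;-separated key=value list
        for (i = 1; i <= n; i++) {
            if (kv[i] ~ /^e?uid=(0|root)$/) root = 1
            if (kv[i] ~ /^privs=/) privs = substr(kv[i], 7)
        }
        # Entry runs the command with a root real or effective uid.
        if (root) printf "%d ROOT %s\n", NR, id
        # Trailing * covers every file in the directory, present or future.
        if (id ~ /\*$/) printf "%d WILDCARD %s\n", NR, id
        # privs= is only interpreted under the solaris policy.
        if (privs != "" && policy == "suser") printf "%d PRIVS_UNDER_SUSER %s\n", NR, id
        if (privs == "all" && policy == "solaris") printf "%d ALL_PRIVS %s\n", NR, id
    }' "$1"
}

# Constructed sample: the first entry is the one quoted in the post,
# the remaining lines are made up to exercise the other checks.
sample_exec_attr() {
    cat <<'EOF'
# constructed sample for audit_exec_attr
System Administrator:suser:cmd:::/opt/myApp/sbin/startup.sh:uid=0;euid=0;privs=all
System Administrator:suser:cmd:::/opt/myApp/bin/*:uid=0
MyApp Status:solaris:cmd:::/opt/myApp/bin/status.sh:privs=file_dac_read
broken:entry
EOF
}

tmp=$(mktemp) && sample_exec_attr > "$tmp" && audit_exec_attr "$tmp"
rm -f "$tmp"
```

On a real system, point `audit_exec_attr` at /etc/security/exec_attr; each output line starts with the line number of the entry it refers to.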