exec_attr permission for whole directory


 
Old 07-29-2010

Hi friends,

I would like to grant a management capability for a specific application to my user test. The application is installed under /opt/myApp and has startup and management scripts under the directories bin and sbin. This application is installed by root and can be managed by root. For security considerations, we would like to disable switching to the root user in order to start/stop this application. So I assigned the built-in profile "System Administrator" to user test. I gave all permissions to user test with setfacl for /opt/myApp. But it's not enough in order to run the application as root. So I added some lines to the /etc/security/exec_attr file as follows:

System Administrator:suser:cmd:::/opt/myApp/sbin/startup.sh:uid=0;euid=0;privs=all

...

including all executables under the directory.

Now I can run the script with the pfexec command. However, some scripts are failing with library errors. As I discovered through the scripts, executables under the directory are calling other scripts from various directories. My question is:

Is there a way to enable a user to run a script that calls other scripts with root privileges by entering a single line in exec_attr that indicates the main script?

This way, it will look like this: my main script will spawn a new shell with root privileges and all scripts will be able to run successfully.

Thanks,
Niyazi
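
Added example (not part of the original post): a small Python audit of exec_attr entries like the one quoted above, flagging root-run commands that sit in a tree the delegated user can modify. It assumes the seven-field exec_attr(4) layout `name:policy:type:res1:res2:id:attr`; the sample lines, the finding labels and the `user_writable_dirs` input are constructed for illustration, with /opt/myApp listed because the post grants user test full ACL access there.

```python
# Added example: audit exec_attr(4) entries. Not the poster's code.
from typing import NamedTuple

class Entry(NamedTuple):
    profile: str
    policy: str
    kind: str
    path: str
    attrs: dict

def parse_exec_attr(text):
    """Parse name:policy:type:res1:res2:id:attr lines, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            continue  # malformed line, ignore
        name, policy, kind, _res1, _res2, path, attr = fields
        attrs = dict(kv.split("=", 1) for kv in attr.split(";") if "=" in kv)
        entries.append(Entry(name, policy, kind, path, attrs))
    return entries

def audit(entries, user_writable_dirs):
    """Return (path, finding) pairs for entries that run with uid/euid 0."""
    findings = []
    for e in entries:
        if e.attrs.get("uid") != "0" and e.attrs.get("euid") != "0":
            continue
        if "*" in e.path:
            findings.append((e.path, "wildcard-as-root"))
        # exec_attr(4): only the "solaris" policy recognizes privileges.
        if e.policy == "suser" and ("privs" in e.attrs or "limitprivs" in e.attrs):
            findings.append((e.path, "privs-under-suser"))
        # A root-run file the delegate can edit is equivalent to full root.
        if any(e.path.startswith(d.rstrip("/") + "/") for d in user_writable_dirs):
            findings.append((e.path, "root-command-user-writable"))
    return findings

# Constructed sample; the first entry mirrors the line quoted in the post.
SAMPLE = """\
# constructed sample
System Administrator:suser:cmd:::/opt/myApp/sbin/startup.sh:uid=0;euid=0;privs=all
System Administrator:suser:cmd:::/usr/bin/date:euid=0
Printer Management:suser:cmd:::/usr/bin/lpstat:euid=lp
"""

if __name__ == "__main__":
    for path, finding in audit(parse_exec_attr(SAMPLE), ["/opt/myApp"]):
        print(f"{finding}: {path}")
```
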