Login or Register to Ask a Question and Join Our Community


Solaris

Assign Superuser rights to normal user

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Assign Superuser rights to normal user
# 1  
Old 04-28-2011
Assign Superuser rights to normal user
Hi,

It's actually strange, but Is there any way through which I can assign super user rights to normal user.
Actually su/sudo/rbac does solve these but switching id is the problem for an application.

For eg: $dladm show-dev
insufficient priviliges.

Is there any way to get it done ?

Also I tried adding user with 0 uid & gid (same as root) but it won't accept password.If I change that ID to above 100, password works Smilie


Thanks a lot Smilie
# 2  
Old 04-29-2011
Tuxian,

Take a look at privileges and the ppriv command in Solaris 10.

You can use RBAC to assign privileges to regular users. Be aware that this might compromise some (all) of your security.

--Peter
# 3  
Old 04-29-2011
Quote:
Originally Posted by tuxian
Also I tried adding user with 0 uid & gid (same as root) but it won't accept password.If I change that ID to above 100, password works
This should work. Aliasing the root account is a common practice. I guess you incorrectly created that alias. One way to fix it would be to run as root these commands, assuming altroot is the new username with a userid equal to 0:
Code:
pwconv
passwd altroot

# 4  
Old 04-29-2011
Quote:
Originally Posted by petervg
Tuxian,

Take a look at privileges and the ppriv command in Solaris 10.

You can use RBAC to assign privileges to regular users. Be aware that this might compromise some (all) of your security.

--Peter
Thanks I will have a look on same.I will ping here if have any query.Smilie

Quote:
Originally Posted by jlliagre
This should work. Aliasing the root account is a common practice. I guess you incorrectly created that alias. One way to fix it would be to run as root these commands, assuming altroot is the new username with a userid equal to 0:
Code:
pwconv
passwd altroot

Thanks a lot
Actually direct root login was disabled hence it was givin access denied,its letting in after doing su
# 5  
Old 04-29-2011
RBAC will solve the problem for you without compromising security. Much better that sudo.

See Solaris RBAC Elements and Basic Concepts (System Administration Guide: Security Services)
# 6  
Old 04-29-2011
@tuxian: it would help if you tell why you want to grant some privileges in the first place, and specifically what specific ones. There are plenty of ways to grant some or all privileges to a user but the best practice is to grant only the least privileges required, not all of them.
# 7  
Old 05-03-2011
Quote:
Originally Posted by fpmurphy
RBAC will solve the problem for you without compromising security. Much better that sudo.

See Solaris RBAC Elements and Basic Concepts (System Administration Guide: Security Services)
Hi,
Thanks for link.


Quote:
@jlliagre: Actually I just wanted to access dladm command with normal user as it has been requested by an app team.
I am trying to configure RBAC just for testing purpose.
Steps Performed
Code:
1)Added User & Set Password- nachiket
2)Added Role & Set Password - opsrole
 
3)Edited /etc/security/prof_attr 
SoftAdd:::Soft Addition & Removal:
 
4)Edited /etc/security/exec_attr
SoftAdd:suser:cmd:::/usr/bin/ln:euid=0
SoftAdd:suser:cmd:::/usr/bin/pkginfo:uid=0
SoftAdd:suser:cmd:::/usr/bin/pkgmk:uid=0
SoftAdd:suser:cmd:::/usr/bin/pkgparam:uid=0
SoftAdd:suser:cmd:::/usr/bin/pkgproto:uid=0
SoftAdd:suser:cmd:::/usr/bin/pkgtrans:uid=0
SoftAdd:suser:cmd:::/usr/bin/prodreg:uid=0
SoftAdd:suser:cmd:::/usr/ccs/bin/make:euid=0
SoftAdd:suser:cmd:::/usr/sbin/install:euid=0
SoftAdd:suser:cmd:::/usr/sbin/patchadd:uid=0
SoftAdd:suser:cmd:::/usr/sbin/patchrm:uid=0
SoftAdd:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
SoftAdd:suser:cmd:::/usr/sbin/pkgask:uid=0
SoftAdd:suser:cmd:::/usr/sbin/pkgchk:uid=0
SoftAdd:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin
 
5)rolemod -P SoftAdd,All opsrole
 
6)usermod -R opsrole nachiket
 
7)tail -2 /etc/user_attr
opsrole::::type=role;profiles=SoftAdd,All
nachiket::::type=normal;roles=opsrole

When I am running below command as a role getting error
Quote:
bash-3.00$ /usr/sbin/pkgadd -d .
pkgadd: ERROR: You must be "root" for pkgadd to execute properly.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Will Chkconfig works for normal user apart from root user

Hi, I am trying to schedule a script that starts on reboot.I came across chkconfig utility to schedule scripts on reboot. Problem here is can i how to use this chkconfig to schedule a script that runs a s normal user. Or if there is any other function to schedule on reboot as normal user... (4 Replies)
Discussion started by: praveena kotapa
4 Replies

2. UNIX for Dummies Questions & Answers

Switching from root to normal user takes me to user's home dir

Whenever i switch from root to another user, by doing su - user, it takes me to home directory of user. This is very annoying as i want to be in same dir to run different commands as root sometimes and sometimes as normal user. How to fix this? (1 Reply)
Discussion started by: syncmaster
1 Replies

3. Homework & Coursework Questions

user rights

good evening .. I have a plea, who I can help me with a management application user rights on the files in a Unix / Linux I need for college .. .. and not told us no clue .. thank you (1 Reply)
Discussion started by: alex90
1 Replies

4. Solaris

java version mismatch for normal user and root user

:confused: I installed latest version of java ( jre 1.6) on Solaris Machine ......when I run java -version as root, shows the latest version but when I run java -version as normal user, shows the old / previous version What should I do to fix this ...should show the latest version... (3 Replies)
Discussion started by: frintocf
3 Replies

5. Shell Programming and Scripting

root user command in shell script execute as normal user

Hi All I have written one shell script for GPRS route add is given below named GPRSRouteSet.sh URL="www.google.com" VBURL="10.5.2.211" echo "Setting route for $URL for GPRS" URL_Address=`nslookup $URL|grep Address:|grep -v "#"|awk -F " " '{print $2}'|head -1` echo "Executing ... (3 Replies)
Discussion started by: mnmonu
3 Replies

6. Solaris

how to assign the rights to groups in solaris

Hi, how to assign the rights(admin,..) to groups . I can create group using groupadd. but i don't know how to assign rights and adding members please tell me how to do that Thank you (2 Replies)
Discussion started by: S_venkatesh
2 Replies

7. UNIX for Dummies Questions & Answers

How to give an ordinary user the superuser (root) ID which is 0

How to give an ordinary user the superuser (root) ID which is 0 (9 Replies)
Discussion started by: sharaola
9 Replies

8. UNIX for Advanced & Expert Users

Other than root user .Normal user is unable to create files

Hi all, I am using Sun Solaris 9 .In this system normal users unable to create files from the command line.I added these users in bin,adm and even root group i found them unable to create a file. (1 Reply)
Discussion started by: mallesh
1 Replies

9. UNIX for Advanced & Expert Users

No user able to login except root(superuser)

Hi All, Oracle 8.0 database is running on SCO-UNIXWARE 7.0 Operating system. Some how ORACLLE DATABASE has crashed. After rebooting the PC only the SUPER USER could login. No other user is able to login. we need ORACLE user to start the DATABASE again. It is asking for the password, after... (2 Replies)
Discussion started by: konda
2 Replies
Login or Register to Ask a Question