Login or Register to Ask a Question and Join Our Community


Solaris

Grant unprivileged user rights to see the output of echo|format but not modify disks

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Grant unprivileged user rights to see the output of echo|format but not modify disks
# 8  
Old 09-16-2015
You need to change your script shebang to use the "-p" option for the effective user id to be set:

Code:
$ cat /etc/release 
                             Oracle Solaris 11.2 X86
  Copyright (c) 1983, 2014, Oracle and/or its affiliates.  All rights reserved.
                             Assembled 23 June 2014
$ cat format_echo.sh
#!/bin/ksh -p
echo|format
$ tail -1 /etc/security/exec_attr
formaters:suser:cmd:::/export/home/user1/format_echo.sh:euid=0
$ tail -1 /etc/user_attr         
user1::::type=normal;defaultpriv=basic;profiles=formaters
$ tail -1  /etc/security/prof_attr
formaters:::Format command for formaters:
$ ./format_echo.sh 
Searching for disks...done
No permission (or no disks found)!

$ pfexec ./format_echo.sh 
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <ATA-VBOX HARDDISK-1.0-16.00GB>
          /pci@0,0/pci8086,2829@d/disk@0,0
Specify disk (enter its number): Specify disk (enter its number):

These 2 Users Gave Thanks to jlliagre For This Post:
MadeInGermany os2mac
# 9  
Old 09-16-2015
Code:
user1@solaris:~$ cat /etc/release
                            Oracle Solaris 11.2 SPARC
  Copyright (c) 1983, 2015, Oracle and/or its affiliates.  All rights reserved.
                             Assembled 17 March 2015

Code:
user1@solaris:~$ cat format_echo.sh
#!/bin/ksh -p
echo|format

Code:
user1@solaris:~$ grep formaters /etc/security/exec_attr
formaters:suser:cmd:::/export/home/user1/echo_format.sh:euid=0

Code:
user1@solaris:~$ grep user1 /etc/user_attr
user1::::profiles=formaters,Oracle Backup;type=role;roleauth=role

Code:
user1@solaris:~$ grep formaters /etc/security/prof_attr
formaters:::Format command for formaters:

Code:
user1@solaris:~$ ./format_echo.sh
Searching for disks...done
No permission (or no disks found)!

Code:
user1@solaris:~$ pfexec ./format_echo.sh
Searching for disks...done
No permission (or no disks found)!

Last edited by os2mac; 09-16-2015 at 06:23 PM.. Reason: formatting
# 10  
Old 09-16-2015
Wrong pathname in exec_attr ...
This User Gave Thanks to jlliagre For This Post:
os2mac
# 11  
Old 09-16-2015
Thanks, forest for the trees and all that...
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. AIX

Unable to set ACLs on sulog - need to grant read permission to a normal user on AIX 6.1

Hi, I need to grant read permission to a normal user on sulog file on AIX 6.1. As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies

2. UNIX for Beginners Questions & Answers

Solaris, grant user to kill another process

the task is grant user1 to kill another (for example user2) process. My steps: by root: usermod -P "Process Management" user1 login user1 user1@server (~) pfexec kill <PID> the result is: ksh: <PID>: not found or user1@server (~) pfexec pkill <PID> the result: nothing happens, still... (0 Replies)
Discussion started by: dsyberia
0 Replies

3. Shell Programming and Scripting

How to grep the grant statement and output to the different files?

Hi currently I have a list of *.sql files. one of the file, terminal is Prompt Table TERMINAL; CREATE TABLE TERMINAL ( TERMINAL_ID NUMBER(8), EXCEL_TERMINAL_ID NUMBER(8), MERCHANT_ID NUMBER(8), SETTLE_TIME VARCHAR2(4 CHAR) ); COMMENT... (4 Replies)
Discussion started by: jediwannabe
4 Replies

4. Shell Programming and Scripting

modify ls -l (long listing format output) strictly using SED only straightforward goalhard 4 me doh

Below is a sample out of ls -l which I would like to rearrange or modify by field numbers for example I successfully managed to disect using simple paragraph however for ls -l I can't divide the rows or fields by field number. Successful modification by fields using SED sample: $ sed -e... (1 Reply)
Discussion started by: wolf@=NK
1 Replies

5. Shell Programming and Scripting

Modify a perl line to parse out and output to another format

Hey there... I am looking for a way to take the below contents ( small excerpt) of this file called PTR.csv ptrrecord,0000002e0cc0.homeoffice.anfcorp.com,,10.11.191.62,,,False,62.191.11.10.in-addr.arpa,,302400,default... (6 Replies)
Discussion started by: richsark
6 Replies

6. UNIX for Dummies Questions & Answers

Format output from "echo" command

Hi, I have written a BASH shell script that contains a lot of "echo" commands to notify the user about what's going on. The script generates a log file that contains a copy of what is seen in the terminal. The echo statements are generally verbose, and thus extend out for quite a ways on one... (2 Replies)
Discussion started by: msb65
2 Replies

7. Linux

grant root privileges to ordinary user

Hi, Is it possible to grant root privileges to an ordinary user? Other than 'sudo', is there some way under Users/Groups configuration? I want ordinary user to be able to mount, umount and use command mt. /Brendan (4 Replies)
Discussion started by: brendan76
4 Replies

8. HP-UX

User rights

I wan to create a user e.g. Tom. whenever a file is created by user Tom or FTP is done using user as Tom, the rights on the file should be 777 (by default). how can I achieve this. Please help. Its very urgent. (1 Reply)
Discussion started by: sharmavr
1 Replies

9. UNIX for Dummies Questions & Answers

filesystem monitor, for unprivileged user

how can i, ordinary, not a privileged user, monitor my part of filesystem ($HOME dir), to see (at least in log) when and which files was created/deleted/moved ? (I heard something abound "sandbox", but i don`t need to restrict applications, i just want to log its actions) p.s. my system is... (0 Replies)
Discussion started by: variety
0 Replies

10. UNIX for Dummies Questions & Answers

How to enable ifconfig to unprivileged user?

Hello, everyone. I have installed Red Hat 9.0 and Mandrake 9.1 on my computer. I could use a unprivileged user account to run "ifconfig" directly. But when I was using Red Hat, either root or other accounts could run "ifconfig" --- the error messege said: "bash: ifconfig: command not found". I... (5 Replies)
Discussion started by: HOUSCOUS
5 Replies
Login or Register to Ask a Question