Visit The New, Modern Unix Linux Community


Grant unprivileged user rights to see the output of echo|format but not modify disks


 
Thread Tools Search this Thread
Operating Systems Solaris Grant unprivileged user rights to see the output of echo|format but not modify disks
# 1  
Grant unprivileged user rights to see the output of echo|format but not modify disks

anyone have any idea how do to this with auth_attr?

I suspect if I grant him

Code:
solaris.device.:RO::Device Allocation::help=DevAllocHeader.html

that will work but I'm unsure. Just looking for a second opinion.
# 2  
Granting access to a specific command in a very exact way is the sort of thing I'd use sudo for. A script that does exactly what you want, which you can grant access to specifically.
# 3  
Sudo

Thanks but I'm trying to do this within the framework of user_attr, exec_attr.
# 4  
Enable format command like this :

Code:
echo "formaters:::Format command for formaters:" >> /etc/security/prof_attr
echo "formaters:suser:cmd:::/usr/sbin/format:euid=0 >> /etc/security/exec_attr
# in /etc/user_attr modify the line to add the profile or use usermod command.
john::::type=normal;defaultpriv=basic;profiles=formaters

Remember, the user (in this case john) will have to use pf shell (defined in /etc/passwd or with usermod command)

If you want user to look at the output of format command and not modify disks, you can use root cron to make a list file in intervals you like echo | format > /path/to/format_output.txt readable to them.

Hope that helps
Regards
Peasant.
# 5  
wouldn't he be able to do pfksh to do this as well?

that's exactly what I was looking for by the way....

thanks.
# 6  
User can use any pf shell (pfksh, pfbash, pfsh)

Regards.
# 7  
so I tried to do a variation of this

Code:
echo "formaters:::Format command for formaters:" >> /etc/security/prof_attr
echo "formaters:suser:cmd:::/export/home/john/format_echo.sh:euid=0" >> /etc/security/exec_attr
# in /etc/user_attr modify the line to add the profile or use usermod command.
john::::type=normal;defaultpriv=basic;profiles=formaters

where format_echo.sh is
Code:
#!/usr/bin/pfbash
echo|format

file is 755 and owned by root:johns_group

i've tried to execute the .sh script as john using both pfexec and pkbash and get the following output:

Code:
john@solaris:~$ ./format_echo.sh
Searching for disks...done
No permission (or no disks found)!

I suspect this is because the same issue still applies in that the user doesn't have access to run format. correct?

Last edited by os2mac; 09-16-2015 at 01:38 PM.. Reason: clarity

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #871
Difficulty: Medium
Hello World in Lisp is coded as: [ print "Hello world" ]
True or False?

10 More Discussions You Might Find Interesting

1. AIX

Unable to set ACLs on sulog - need to grant read permission to a normal user on AIX 6.1

Hi, I need to grant read permission to a normal user on sulog file on AIX 6.1. As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies

2. UNIX for Beginners Questions & Answers

Solaris, grant user to kill another process

the task is grant user1 to kill another (for example user2) process. My steps: by root: usermod -P "Process Management" user1 login user1 user1@server (~) pfexec kill <PID> the result is: ksh: <PID>: not found or user1@server (~) pfexec pkill <PID> the result: nothing happens, still... (0 Replies)
Discussion started by: dsyberia
0 Replies

3. Shell Programming and Scripting

How to grep the grant statement and output to the different files?

Hi currently I have a list of *.sql files. one of the file, terminal is Prompt Table TERMINAL; CREATE TABLE TERMINAL ( TERMINAL_ID NUMBER(8), EXCEL_TERMINAL_ID NUMBER(8), MERCHANT_ID NUMBER(8), SETTLE_TIME VARCHAR2(4 CHAR) ); COMMENT... (4 Replies)
Discussion started by: jediwannabe
4 Replies

4. Shell Programming and Scripting

modify ls -l (long listing format output) strictly using SED only straightforward goalhard 4 me doh

Below is a sample out of ls -l which I would like to rearrange or modify by field numbers for example I successfully managed to disect using simple paragraph however for ls -l I can't divide the rows or fields by field number. Successful modification by fields using SED sample: $ sed -e... (1 Reply)
Discussion started by: wolf@=NK
1 Replies

5. Shell Programming and Scripting

Modify a perl line to parse out and output to another format

Hey there... I am looking for a way to take the below contents ( small excerpt) of this file called PTR.csv ptrrecord,0000002e0cc0.homeoffice.anfcorp.com,,10.11.191.62,,,False,62.191.11.10.in-addr.arpa,,302400,default... (6 Replies)
Discussion started by: richsark
6 Replies

6. UNIX for Dummies Questions & Answers

Format output from "echo" command

Hi, I have written a BASH shell script that contains a lot of "echo" commands to notify the user about what's going on. The script generates a log file that contains a copy of what is seen in the terminal. The echo statements are generally verbose, and thus extend out for quite a ways on one... (2 Replies)
Discussion started by: msb65
2 Replies

7. Linux

grant root privileges to ordinary user

Hi, Is it possible to grant root privileges to an ordinary user? Other than 'sudo', is there some way under Users/Groups configuration? I want ordinary user to be able to mount, umount and use command mt. /Brendan (4 Replies)
Discussion started by: brendan76
4 Replies

8. HP-UX

User rights

I wan to create a user e.g. Tom. whenever a file is created by user Tom or FTP is done using user as Tom, the rights on the file should be 777 (by default). how can I achieve this. Please help. Its very urgent. (1 Reply)
Discussion started by: sharmavr
1 Replies

9. UNIX for Dummies Questions & Answers

filesystem monitor, for unprivileged user

how can i, ordinary, not a privileged user, monitor my part of filesystem ($HOME dir), to see (at least in log) when and which files was created/deleted/moved ? (I heard something abound "sandbox", but i don`t need to restrict applications, i just want to log its actions) p.s. my system is... (0 Replies)
Discussion started by: variety
0 Replies

10. UNIX for Dummies Questions & Answers

How to enable ifconfig to unprivileged user?

Hello, everyone. I have installed Red Hat 9.0 and Mandrake 9.1 on my computer. I could use a unprivileged user account to run "ifconfig" directly. But when I was using Red Hat, either root or other accounts could run "ifconfig" --- the error messege said: "bash: ifconfig: command not found". I... (5 Replies)
Discussion started by: HOUSCOUS
5 Replies

Featured Tech Videos