Sudo access of rm to non-root user


 
Thread Tools Search this Thread
Operating Systems Solaris Sudo access of rm to non-root user
# 1  
Old 08-23-2017
Sudo access of rm to non-root user

Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give rm access to app_user, only to that file, via sudoers ? So that, he can delete only that file, not any other path or file or folder.

Regards

Last edited by solaris_1977; 08-23-2017 at 10:17 PM..
# 2  
Old 08-23-2017
Why do you not change the app running as root to chmod/chown permissions required to allow the correct user to delete the file? Or have the app run by the user to start with?
# 3  
Old 08-23-2017
This application should not run as root.
If application team needs to restart their application, they are required to remove file /opt/vpp/dom1.2/pdd/today_23 or else application will not start clean. And this file is owned by root always. app_user should be eligible so restart this application, so I have already given start/stop sudo access to app_user, but not sure how should I give rm access only for that specific file.
# 4  
Old 08-23-2017
Quote:
Originally Posted by solaris_1977
This application should not run as root.
If application team needs to restart their application, they are required to remove file /opt/vpp/dom1.2/pdd/today_23 or else application will not start clean. And this file is owned by root always. app_user should be eligible so restart this application, so I have already given start/stop sudo access to app_user, but not sure how should I give rm access only for that specific file.
You're missing the point.

We understand that your application should not run as root. What Jim suggested is that the other application that is creating a file owned by root should change the owner of the file that you want your application to remove to be app_user; not root. If a user needs to be able to remove a file, that user needs to have appropriate permissions to remove that file. If a user named app_user needs to be able to remove a file, there is no reason why a user named root needs to own that file.
This User Gave Thanks to Don Cragun For This Post:
# 5  
Old 08-24-2017
I got the point. It may be nature of application, the way it is creating file with root ownership. I can check with application owner, if this nature can be changed.

But, is it possible at all, to give sudo access to app_user to remove that root owned file ? I just want to have my statement correct, before jumping into discussion with them.
# 6  
Old 08-24-2017
I agree that the process that creates the file needs to be looked at first.
  • What can you tell us about it?
  • Does it write anything useful to the file or is it created empty?
  • Why can the application account not create it?

Do you have write access to the directory that this file is in? If so, can you not remove the file anyway? (or is the sticky bit set?)
If the file has to be removed, your application must be able to create a replacement else


There are certainly several ways to grant a remove privilege, but that's probably not the best way to do it.
These 2 Users Gave Thanks to rbatte1 For This Post:
# 7  
Old 08-24-2017
Quote:
Originally Posted by solaris_1977
I got the point. It may be nature of application, the way it is creating file with root ownership. I can check with application owner, if this nature can be changed.

But, is it possible at all, to give sudo access to app_user to remove that root owned file ? I just want to have my statement correct, before jumping into discussion with them.
Probably the worst approach to fixing a problem is writing more code to paper over the symptom of the problem instead of just fixing the actual problem.

Your problem here is a file has ownership/permissions that prevent processing per your system's requirements.

Instead of fixing that problem, your proposed solution is to write even more code and/or create something new in order to change the symptom.

So instead of a fixed problem, you now have a problem, a patch that hides that problem, an entire set of undocumented dependencies for working around that problem, and a requirement to spend future resources keeping that patch working.

Ever wonder how computer systems get unreliable?

That's exactly how.

Do you want reliable systems?

FIX the actual problems, never ADD extras to patch over and hide them.
These 3 Users Gave Thanks to achenle For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to provide root access via sudo with restrictions?

Hi, I have a requirement to provide root access but user should not run some specific commands, How it is possible. following is my configuration at sudoers file, Cmnd_Alias MYLIMIT = /usr/bin/passwd /sbin/shutdown /usr/bin/reboot /usr/sbin/visudo /bin/vi /usr/bin/vim test2... (5 Replies)
Discussion started by: anuragr
5 Replies

2. Red Hat

Sudo to user other than root but do not allow sudo to root

I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies

3. UNIX for Dummies Questions & Answers

Create user with sudo ability to root.

Hi All, I need to give an user sudo ability to root. We have also generated RSA key but unable to proceed further. For example after a user logs into the server normally and when he executes below command $ssh root@server_name This should take you to root prompt # Please help me.... (3 Replies)
Discussion started by: Rockyc3400
3 Replies

4. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

5. AIX

how to remove sudo access from a user ?

Hello Folks, I need help on removing sudo access on one id but first of all, can i confirm that the user below is having sudo access ? if he did have sudo access, how to remove ? thanks alrsprd3:root-/etc> more sudoers | grep fzcx0l fzcx0l ALL=(ALL) ALL alrsprd3:root-/etc> (2 Replies)
Discussion started by: wingcross
2 Replies

6. UNIX for Dummies Questions & Answers

Sudo to delegate permission from non-root user to another non-root user

I've been through many threads before i decide to create a separate thread. I can't really find the solution to my (simple) problem. Here's what I'm trying to achieve: As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user. The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies

7. UNIX for Dummies Questions & Answers

sudo/root access

I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'. I tried and got a error message like "not allowed". After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well. Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies

8. Shell Programming and Scripting

Cron job initiating ssh AND sudo (from user, not root)

I've been bashing my head on the desk for 2 days trying to get this to work, but I've had no luck. I'll try to be as clear as possible in my explanation without dragging out the details. I'm trying to set up a cron job for user "john" which runs a script. This script initiates an ssh connection to... (5 Replies)
Discussion started by: eh3civic
5 Replies

9. AIX

sudo user access

I have installed sudo on AIX 6100-04 and want to know how do I set it up for a user to be able to run only some commands? I want to give the user the rights to only cd to certain directories and run the ls command to name a few? Are there any issues with running sudo when the user is forced to... (2 Replies)
Discussion started by: daveisme
2 Replies

10. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
Login or Register to Ask a Question