Login or Register to Ask a Question and Join Our Community


Solaris

Assigning proc_owner privilege to particular user in RBAC

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Assigning proc_owner privilege to particular user in RBAC
# 8  
Old 06-19-2019
I do not think there is a "group_proc" privilege. You are going to have to set up sudo and and specifically allow those users to become the user that runs the application. But then they can "tink" with the application process.

sudo -
man pages section 1M: System Administration Commands It is part of Solaris 11.

Suppose the app runs with appuser. sudo su - appuser is the command they would use. I assume they are already in the same group as appuser. Let's call that group "foo"

You will have read up on sudoedit and /etc/sudoers You grant the permission to become "appuser" based on the fact that they are only in the special group I mentioned, "foo". Actually appuser does not have to be in the "foo" group, but then you open up access to anything that appuser can do in its own group to these newcomers.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this . (3 Replies)
Discussion started by: Naveen Pathak
3 Replies

2. AIX

sudo - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo... (9 Replies)
Discussion started by: Daniel Gate
9 Replies

3. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily (1 Reply)
Discussion started by: udtyuvaraj
1 Replies

4. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask... (3 Replies)
Discussion started by: simonsimon
3 Replies

5. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10? (5 Replies)
Discussion started by: nicktrix
5 Replies

6. Linux

Sudo user vs RBAC

Hi all, What the difference between the sudo users & RBAC when the talk of effects after doing the above comes??? any differences between them ,kindly list ?? (1 Reply)
Discussion started by: saurabh84g
1 Replies

7. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80... (1 Reply)
Discussion started by: ibmer414
1 Replies

8. UNIX for Advanced & Expert Users

RBAC: create a user to shut the server

Hi, I have created a user to shutdown the server using RBAC. Here are my steps: 1. roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys 2. passwd stopsys 3. edit /etc/security/prof_attr to include: Shut:::able to shut the server: 4. modrole -P Shut stopsys 5. useradd -u 1001 -g 10 -d... (2 Replies)
Discussion started by: chaandana
2 Replies

9. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the... (3 Replies)
Discussion started by: here2learn
3 Replies
Login or Register to Ask a Question

LEARN ABOUT HPUX

cmdprivadm

cmdprivadm(1M)															    cmdprivadm(1M)

NAME

       cmdprivadm - noninteractive editing of a command's authorization and privilege information in the privrun database

SYNOPSIS


DESCRIPTION

       is  a  noninteractive  command  that allows user with appropriate permission to add or delete a command and its privileges in the Role-Base
       Access Control (RBAC) database, See privrun(1M) for more details on this file.

       When adding a line to the database, sets fields that are not specified a default value.	When deleting a line, the lines matching  all  the
       given pairs will be deleted.  That is, if all fields specified match, the entry will be deleted.

	      Appends a line as specified in pairs in the file.

	      Deletes a line as specified in pairs from file.

       HP recommends that only the and commands be used to edit and view the RBAC databases; do not edit the RBAC files directly.

       See rbac(5) for information on the RBAC databases.

   Options
       The following options are valid pairs for

       command		   should include the full path name of the command.  There can be one or more arguments following the command.

       filename 	   should specify the full path name of a file name.

       Specifies the operation.

       Specifies the object.

       Specifies the real user ID
			   (ruid).

       Specifies the effective user ID
			   (euid).

       Specifies the real group ID
			   (rgid).

       Specifies the effective group ID
			   (egid).

       Specifies the compartment.

       Specifies the privileges.

       Specifies the PAM service name to reauthenticate under.
			   See pam.conf(4) for a list of PAM services.

       Specifies the flags.

       Note: You must enclose values that contain the space character, or any characters that may be interpreted by the shell, with single quotes.
       For example, if the has one or more arguments, enclose them with single quotes:

   Authorizations:
       In order to invoke the user must either be root, (running with effective UID of 0), or have the appropriate authorizations.  The  following
       is a list of the required authorizations for running with particular options:

       Allows user to run
	      with options.

       Allows user to run
	      with options.

EXTERNAL INFLUENCES

   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE

       Upon completion, returns one of the following values:

	      Success.

	      Failure.
		   An appropriate error message is printed on standard error.

EXAMPLES

       The following commands add entries into the file:

       The following commands delete entries from the file:

FILES

       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles allowed for each specified user.

       Database defining the authorizations for each specified role.

       Database containing the authorization to execute specified commands,
			   and the privileges to alter UID and GID for command execution.

SEE ALSO

       authadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).

																    cmdprivadm(1M)