possible to assign limit root task to a userid?


 
# 1  
Old 04-10-2008
I am trying to figure out how to add a root task to a userid. I have some security software being installed on Solaris 9 boxes, and this software actually needs to be executed by root, but these users do not need to have root privileges.

For example, a userid is adminjj, and I would like to assign this user the root privilege to only execute the software because only root accounts can execute this software. However, I do not want the userid adminjj to have the whole root privilege such as removing accounts or adding accounts.

I think RBAC is the way to go, but I don't see any way to assign limited root privileges. Maybe this is not possible? Anyone have ideas how this can be worked out?

I know we can set up RBAC accounts to manage printers and change passwords etc, but cannot seem to find any information on what needs to be done to assign or set up a role account to be able to execute specific software.

Thanks for the tips if you have any.
# 2  
Old 04-10-2008
topic has been posted about 10000 times

you could use sudo.
Sudo Main Page
# 3  
Old 04-10-2008
Quote:
Originally Posted by pupp
topic has been posted about 10000 times

you could use sudo.
Sudo Main Page
but as sudo'er you can execute ALL commands with root privileges...

@op

maybe you can use "setuid" to let the user execute the program with root permissions?

Setuid - Wikipedia
# 4  
Old 04-10-2008
Quote:
Originally Posted by DukeNuke2
but as sudo'er you can execute ALL commands with root privileges
Not true at all. man sudo
# 5  
Old 04-10-2008
Quote:
Originally Posted by era
Not true at all. man sudo
right, but you need to edit the config files to set sudo permissions for a specific command. so it's maybe easier to work with setuid for the file which needs the permission.
there are always more than one way to solve a problem...

and btw.
i think sudo is not part of the solaris 9 os... i don't have a box with sol 9 to check this right now.

Last edited by DukeNuke2; 04-10-2008 at 04:24 AM..
# 6  
Old 04-10-2008
It is correct: sudo is indeed not part of any released Solaris version, nor is it planned in the next one.

OTOH, RBAC is supported and part of the OS.

You just need to modify two files to achieve what you want, e.g.:

Assuming you want user "guest" to run "id" as root:

/etc/user_attr
guest::::type=normal;profiles=runid

/etc/security/exec_attr
runid:suser:cmd:::/usr/bin/id:uid=0

Then, as user guest, run "pfexec id".
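
An added example (not part of the thread or any poster's code): a shell check that joins the two files from the reply above and lists what a given user can run as root through pfexec. File paths are passed as parameters; the `ops` user and `everything` profile are constructed for contrast, and nested profiles from prof_attr and policy.conf defaults are not resolved.

```shell
#!/bin/sh
# Join user_attr (user -> profiles) with exec_attr (profile -> command) and
# list every command the user can run as root through pfexec.
# Not resolved here: nested profiles (prof_attr) and policy.conf defaults.

# profiles_for USER USER_ATTR_FILE -> one profile name per line
profiles_for() {
    awk -F: -v u="$1" '
        /^#/ || NF < 5 { next }
        $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^profiles=/) {
                    sub(/^profiles=/, "", kv[i])
                    m = split(kv[i], p, ",")
                    for (j = 1; j <= m; j++) print p[j]
                }
        }' "$2"
}

# root_cmds USER USER_ATTR_FILE EXEC_ATTR_FILE -> "profile<TAB>command" lines
# for exec_attr entries whose attributes set uid or euid to 0/root.
root_cmds() {
    profiles_for "$1" "$2" | while IFS= read -r prof; do
        awk -F: -v p="$prof" '
            /^#/ { next }
            $1 == p && $3 == "cmd" && $7 ~ /(^|;)e?uid=(0|root)(;|$)/ {
                print $1 "\t" $6
            }' "$3"
    done
}

# Constructed sample: the post's two entries plus a hypothetical "ops" user
# holding a wildcard profile, for contrast.
write_sample() {   # write_sample DIR
    printf '%s\n' 'guest::::type=normal;profiles=runid' \
        'ops::::type=normal;profiles=runid,everything' > "$1/user_attr"
    printf '%s\n' 'runid:suser:cmd:::/usr/bin/id:uid=0' \
        'everything:suser:cmd:::*:uid=0' > "$1/exec_attr"
}

d=$(mktemp -d) && write_sample "$d"
for u in guest ops; do
    echo "== $u"
    root_cmds "$u" "$d/user_attr" "$d/exec_attr"
done
rm -rf "$d"
```

A `*` in the command column means the profile grants every command as root, which is the entry to look for when the intent is to delegate a single program.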
# 7  
Old 04-10-2008
yea i meant to also do setuid but i forgot to post that. setuid would probably be the best bet. easiest i think.