Re: user permission problems

andrewm659@xxxxxxxxx wrote:
The asroot utility is setup. But its not working for the right
people.


On Mar 27, 11:37 am, ThreeStar <s...@xxxxxxxxxxxxxxxxx> wrote:
On Mar 27, 6:44 am, "andrewm...@xxxxxxxxx" <andrewm...@xxxxxxxxx>
wrote:

I seem to be having some trouble with OpenServer 5.0.6. I need to be
able to give permission to other users to do various tasks on the
system, such as kill users and add and remove users and printers. I
set them up in the tcb and copied the kill command to their home dir.
When they go to hit 'w' for the who command, it only shows them as
logged in. I'm not sure why. Could you please help?
I can't tell from your description what you're doing. Are you trying
to set up the "asroot" utility?

--RLR


Here's my handy dandy asroot cookbook - see if you missed some steps:

1) If you have special purpose logins to do things requiring root permissions, make the special logins ".profile" read something like:

:
exec /tcb/bin/asroot <program name>

Note you should put any commands in a shell script so asroot can execute it with root perms, and you can add sanity tests to prevent things like rm -r * while in / :) ).

2) Create a symbolic link from the script/command to the dir "/tcb/files/rootcmds", like (if you make a kill script called "kill_it"):

ln -s /usr/local/bin/kill_it /tcb/files/rootcmds

3) Add the script name to the file "/etc/auth/system/authorize" at the root line, like:

root:shutdown,kill_it

4) Give the users root auth via scoadmin:

scoadmin > account manager, select user then: Users > Authorizations

add root and the special scripts like "kill_it' to the users that will use the scripts.

I also found the man docs on asroot clear as mud when I first encountered it after switching to SCO from AT&T Unix back in the early 90's.

The above cookbook took me more hours of WTF's and other colorful phrases one afternoon than I would care to admit to. :)

--
----------------------------------------------------
Pat Welch, UBB Computer Services, a WCS Affiliate
SCO Authorized Partner
Microlite BackupEdge Certified Reseller
Unix/Linux/Windows/Hardware Sales/Support
(209) 745-1401 Cell: (209) 251-9120
E-mail: patubb@xxxxxxxxxxx
----------------------------------------------------
.

Relevant Pages

  • Re: user permission problems
    ... Subject: user permission problems ... Note you should put any commands in a shell script so asroot can execute it with root perms, and you can add sanity tests to prevent things like ... add root and the special scripts like "kill_it' to the users that will use the scripts. ... I would assume the symlink is done from another restricted dir, such as a support dir owned by the support login, and only RW perms for the owner. ...
    (comp.unix.sco.misc)
  • RE: permission
    ... Never Never Never Never EVER give access like that to the root of ANY drive. ... opening up your system to all scripts, such as scripts that are targeted ... Once that permission is set, ... to the C drive is OK as long as you don't set IIS to list content and other ...
    (Security-Basics)
  • Re: user permission problems
    ... such as kill users and add and remove users and printers. ... Here's my handy dandy asroot cookbook - see if you missed some steps: ... If you have special purpose logins to do things requiring root ... add root and the special scripts like "kill_it' to the users that will ...
    (comp.unix.sco.misc)
  • Re: user permission problems
    ... such as kill users and add and remove users and printers. ... Here's my handy dandy asroot cookbook - see if you missed some steps: ... If you have special purpose logins to do things requiring root ... add root and the special scripts like "kill_it' to the users that will ...
    (comp.unix.sco.misc)
  • SUMMARY and apology Re: Some bash/tty questions
    ... Some people tend to create complex login scripts ... If you don't allow direct login to root, but rather su to root, then so ... Hi, not to bash down on bash, but perhaps you should try zsh, it has the shared history thing built in. ...
    (SunManagers)