Re: user permission problems




----- Original Message -----
From: "Pat Welch" <patubb@xxxxxxxxxxx>
Newsgroups: comp.unix.sco.misc
To: <distro@xxxxxxx>
Sent: Thursday, March 27, 2008 7:30 PM
Subject: Re: user permission problems


andrewm659@xxxxxxxxx wrote:
The asroot utility is set up. But it's not working for the right
people.


On Mar 27, 11:37 am, ThreeStar <s...@xxxxxxxxxxxxxxxxx> wrote:
On Mar 27, 6:44 am, "andrewm...@xxxxxxxxx" <andrewm...@xxxxxxxxx>
wrote:

I seem to be having some trouble with OpenServer 5.0.6. I need to be
able to give permission to other users to do various tasks on the
system, such as kill users and add and remove users and printers. I
set them up in the tcb and copied the kill command to their home dir.
When they go to hit 'w' for the who command, it only shows them as
logged in. I'm not sure why. Could you please help?

I can't tell from your description what you're doing. Are you trying
to set up the "asroot" utility?

--RLR


Here's my handy dandy asroot cookbook - see if you missed some steps:

1) If you have special purpose logins to do things requiring root
permissions, make the special logins ".profile" read something like:

:
exec /tcb/bin/asroot <program name>

Note you should put any commands in a shell script so asroot can execute
it with root perms, and you can add sanity tests to prevent things like
rm -r * while in / :) ).

2) Create a symbolic link from the script/command to the dir
"/tcb/files/rootcmds", like (if you make a kill script called "kill_it"):

ln -s /usr/local/bin/kill_it /tcb/files/rootcmds

3) Add the script name to the file "/etc/auth/system/authorize" at the
root line, like:

root:shutdown,kill_it

4) Give the users root auth via scoadmin:

scoadmin > account manager, select user then: Users > Authorizations

add root and the special scripts like "kill_it" to the users that will
use the scripts.

I also found the man docs on asroot clear as mud when I first
encountered it after switching to SCO from AT&T Unix back in the early 90's.

The above cookbook took me more hours of WTF's and other colorful
phrases one afternoon than I would care to admit to. :)



similarly
http://groups.google.com/group/comp.unix.sco.misc/msg/f168b628fc3a4938
http://groups.google.com/group/comp.unix.sco.misc/msg/48353cce2082a8fb

Though I never actually used asroot for kill in production anywhere.
I mostly used it to give users the ability to do manual tape backups.

I wonder why I have fixmog as a final step? Probably just to ensure the perms on the copied binary.
Which, I'm sure I read somewhere that you should copy the binary not link it, else I would always prefer to link it too.
Maybe the symlink provides a means to side-step the very security you are trying to maintain?
I don't know how, but, if you are using symlinks and it works, then the only reason I could see not to do it was some security concern.

--
Brian K. White brian@xxxxxxxxx http://www.myspace.com/KEYofR
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
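
Added example, not part of the thread or of asroot itself: the cookbook links scripts into /tcb/files/rootcmds, and the reply wonders whether a symlink could weaken the protection. This sh sketch flags entries whose target file, or the directory holding it, is not owned by the expected owner or is group/world writable. The function names and the "safe" criteria are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the entries of an asroot command directory.
# Assumption: an entry is "safe" when the file it resolves to AND the
# directory holding that file are owned by the expected owner and are
# not writable by group or other.

# mode_owner PATH: print "<mode-string> <owner>", following symlinks.
mode_owner() {
    ls -ldL "$1" 2>/dev/null | awk '{print $1, $3}'
}

# is_safe PATH OWNER: status 0 if PATH passes the ownership/mode test.
is_safe() {
    info=$(mode_owner "$1")
    mode=${info%% *}
    own=${info#* }
    [ "$own" = "$2" ] || return 1          # wrong owner or missing file
    case "$mode" in
        ?????w*|????????w*) return 1 ;;    # group-write or other-write bit
    esac
    return 0
}

# audit_rootcmds DIR OWNER: report each entry; status 0 only if all pass.
# Only the first level of a symlink chain is resolved for the directory test.
audit_rootcmds() {
    dir=$1 owner=$2 bad=0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -h "$entry" ] || continue
        target=$entry
        if [ -h "$entry" ]; then
            # Read the link target from ls output (no readlink needed).
            target=$(ls -ld "$entry" | sed 's/.* -> //')
            case "$target" in /*) ;; *) target=$dir/$target ;; esac
        fi
        if is_safe "$target" "$owner" &&
           is_safe "$(dirname "$target")" "$owner"; then
            echo "OK   $entry -> $target"
        else
            echo "WEAK $entry -> $target"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage on the system from the thread: audit_rootcmds /tcb/files/rootcmds root
```

A WEAK line means some account other than the expected owner can replace or edit what asroot will run, which applies to copied files as well as linked ones.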
