Re: user permission problems
- From: Pat Welch <patubb@xxxxxxxxxxx>
- Date: Sat, 05 Apr 2008 03:11:51 -0700
Brian K. White wrote:
----- Original Message -----
From: "Pat Welch" <patubb@xxxxxxxxxxx>
Newsgroups: comp.unix.sco.misc
To: <distro@xxxxxxx>
Sent: Thursday, March 27, 2008 7:30 PM
Subject: Re: user permission problems
andrewm659@xxxxxxxxx wrote:
The asroot utility is set up. But it's not working for the right people.
On Mar 27, 11:37 am, ThreeStar <s...@xxxxxxxxxxxxxxxxx> wrote:
On Mar 27, 6:44 am, "andrewm...@xxxxxxxxx" <andrewm...@xxxxxxxxx> wrote:
I seem to be having some trouble with OpenServer 5.0.6. I need to be able to give permission to other users to do various tasks on the system, such as kill users and add and remove users and printers. I set them up in the tcb and copied the kill command to their home dir. When they go to hit 'w' for the who command, it only shows them as logged in. I'm not sure why. Could you please help?
I can't tell from your description what you're doing. Are you trying to set up the "asroot" utility?
--RLR
Here's my handy dandy asroot cookbook - see if you missed some steps:
1) If you have special purpose logins to do things requiring root permissions, make the special logins ".profile" read something like:
:
exec /tcb/bin/asroot <program name>
(Note you should put any commands in a shell script so asroot can execute it with root perms, and you can add sanity tests to prevent things like rm -r * while in / :) ).
2) Create a symbolic link from the script/command to the dir "/tcb/files/rootcmds", like (if you make a kill script called "kill_it"):
ln -s /usr/local/bin/kill_it /tcb/files/rootcmds
3) Add the script name to the file "/etc/auth/system/authorize" at the root line, like:
root:shutdown,kill_it
4) Give the users root auth via scoadmin:
scoadmin > account manager, select user then: Users > Authorizations
add root and the special scripts like "kill_it" to the users that will use the scripts.
I also found the man docs on asroot clear as mud when I first encountered it after switching to SCO from AT&T Unix back in the early 90's.
The above cookbook took me more hours of WTF's and other colorful phrases one afternoon than I would care to admit to. :)
similarly
http://groups.google.com/group/comp.unix.sco.misc/msg/f168b628fc3a4938
http://groups.google.com/group/comp.unix.sco.misc/msg/48353cce2082a8fb
Though I never actually used asroot for kill in production anywhere.
I mostly used it to give users the ability to do manual tape backups.
I wonder why I have fixmog as a final step? Probably just to ensure the perms on the copied binary.
Which, I'm sure I read somewhere that you should copy the binary not link it, else I would always prefer to link it too.
Maybe the symlink provides a means to side-step the very security you are trying to maintain?
I don't know how, but, if you are using symlinks and it works, then the only reason I could see not to do it was some security concern.
Hi, Brian.
I would assume the symlink is done from another restricted dir, such as a support dir owned by the support login, and only RW perms for the owner.
It wouldn't make much sense to symlink in from a world readable dir, fer sure :)
--
----------------------------------------------------
Pat Welch, UBB Computer Services, a WCS Affiliate
SCO Authorized Partner
Microlite BackupEdge Certified Reseller
Unix/Linux/Windows/Hardware Sales/Support
(209) 745-1401 Cell: (209) 251-9120
E-mail: patubb@xxxxxxxxxxx
----------------------------------------------------
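The symlink concern discussed in this thread can be checked mechanically. The script below is an added example, not code from either poster or from SCO: for every entry in a command directory such as the /tcb/files/rootcmds directory from step 2, it follows the symlink chain and reports when the real file, or the directory holding it, is writable by group or other or is not owned by the trusted owner. The function names (resolve, loose, audit_rootcmds), the default owner of root, and the availability of readlink(1) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes readlink(1) and POSIX find(1).
# Only the real file and its own directory are checked, not every ancestor.

# resolve FILE: print the physical path behind a chain of symlinks.
resolve() {
    f=$1 n=0
    while [ -h "$f" ] && [ "$n" -lt 16 ]; do   # hop limit stops link loops
        link=$(readlink "$f") || return 1
        case $link in
            /*) f=$link ;;
            *)  f=$(dirname "$f")/$link ;;
        esac
        n=$((n + 1))
    done
    if [ -h "$f" ]; then return 1; fi
    dir=$(cd -P "$(dirname "$f")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$f")"
}

# loose PATH OWNER: true if PATH is group/other-writable or not owned by OWNER.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print)" ]
}

# audit_rootcmds DIR [OWNER]: one finding per line; returns 1 if any were found.
audit_rootcmds() {
    cmddir=$1 owner=${2:-root} bad=0
    for entry in "$cmddir"/*; do
        [ -e "$entry" ] || [ -h "$entry" ] || continue
        real=$(resolve "$entry") && [ -f "$real" ] || {
            echo "BROKEN $entry"; bad=1; continue; }
        if loose "$real" "$owner"; then
            echo "UNSAFE-FILE $entry -> $real"; bad=1
        fi
        if loose "$(dirname "$real")" "$owner"; then
            echo "UNSAFE-DIR $entry -> $(dirname "$real")"; bad=1
        fi
    done
    return $bad
}

# Run as a script: sh audit.sh /tcb/files/rootcmds
if [ $# -gt 0 ]; then audit_rootcmds "$@"; fi
```

An UNSAFE-DIR finding is the case raised in the thread: whoever can write to that directory can swap the script that the link points at.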