Patches
Showing results for 
Search instead for 
Do you mean 

restrict swlist only for root

SOLVED
Go to Solution
Trusted Contributor Trusted Contributor

restrict swlist only for root

[ Edited ]

I am trying to restrict the permissions of swlist only for root, that means only root can run this command, I know I can use setacl/getacl, but when I run
getacl swlist
It said that "acl failed for file "usr/sbin/swlist", Function is not availabe", any idea? Or any other better solutions? Thanks.

 

 

P.S. This thread has been moved from HP-UX > General to  HP-UX > patches - HP Forums Moderator

9 REPLIES
Respected Contributor Respected Contributor

Re: restrict swlist only for root

chmod 700 `which swlist`
Honored Contributor Honored Contributor

Re: restrict swlist only for root

Change the permissions:


chmod 4500 swlist


live free or die
harry
Live Free or Die
Honored Contributor Honored Contributor

Re: restrict swlist only for root

Hi Victor

This will work

chmod 4544 /usr/sbin/swlist


Manoj Srivastava
Honored Contributor

Re: restrict swlist only for root

Hi Victor:

What type of file system ? The acl's will work only with JFS 3.3 and above.

You can consider using chmod command:

# chmod 700 swlist

I think there will be issues if you restrict the read/execute permission to others.

HTH,
Shiju

Life is a promise, fulfill it!
Honored Contributor Honored Contributor

Re: restrict swlist only for root

getacl is for JFS filesystem.

lsacl is for HFS filesystem.

Is /usr/sbin/swlist on an HFS FS ?
Honored Contributor Honored Contributor

Re: restrict swlist only for root

Maybe a little drastic, but you can take /usr/sbin out of the paths of regular users

Hope this helps

Chris
It wasn't me!!!!
Trusted Contributor Trusted Contributor

Re: restrict swlist only for root

Shiju:

Can you give me more details about "I think there will be issues if you restrict the read/execute permission to others"? What is the potential problem? Thanks.
Trusted Contributor Trusted Contributor

Re: restrict swlist only for root

Thanks all, what about I also want to disable remote access, I mean,

swlist @hostname ...
Honored Contributor

Re: restrict swlist only for root

Hi Victor:

I have mentioned that point, because normally the permissions set to the commands and utilities in /usr, /usr/sbin, /etc are very OS specific. You should be very careful when changing the permissions or ownership of those files.

I will give you an eg: My oracle dba once reported an error starting the database -"permission denied". The problem reported to metalink and the solution was to check the permission of 'lanscan' command. In that case the permission of lanscan was incorrect when I checked it.

Like this, in your case if any dba/developer install or update any application/program which in turn calls 'swlist', then there are chances that you unnecessary spending time on it !

Sorry, if I was confusing you.

my 2 cents ..
Shiju
Life is a promise, fulfill it!