
Problem regarding creating a new policy for powerbroker


Problem regarding creating a new policy for powerbroker

Hi All,

 

I'm trying to create a new PowerBroker policy that allows users to run a script as root, but I'm not able to get it working. Please help.

# cat /etc/pb.conf
##############################################################################

# Per-command policy fragments. Presumably they are evaluated in the order
# listed and an accept/reject inside one ends processing - confirm against
# the PowerBroker documentation.
include "/etc/pb/diskusage.conf";
include "/etc/pb/catchall.conf";
# Default deny: a request that no included fragment accepted or rejected
# reaches this point, gets the message below and is rejected.
print("Fell through PowerBroker configuration. Please notify Summit System Support.");

reject;

# cat /etc/pb/diskusage.conf
# Users allowed to submit the "diskusage" request. The rule that follows in
# this file runs the script as root for every name listed here, so the list
# is effectively a grant of that root-run script.
all_diskusage_auth={
"ashutosh",
"root"
};

 

# Rule for the "diskusage" request: users outside all_diskusage_auth are
# rejected, listed users get the fixed script run as root.
# NOTE(review): the first condition reads `user !all_diskusage_auth`, with no
# `in` operator, unlike the accept branch below - confirm it parses as
# intended; `!(user in all_diskusage_auth)` would be the unambiguous spelling.
if ( ( user !all_diskusage_auth ) && ( command == "diskusage" ) ) {
reject "You are not authorized to use diskusage.";

# OK, user is authorized to use diskusage. Test for ownership in no-diskusage
# is done in shell code.

} else if ( ( user in all_diskusage_auth ) && ( command == "diskusage" ) ) {
# The target identity is root and runcommand is an absolute path rather than
# the name the user typed.
runuser = "root";
runcommand = "/opt/summit/util/pb/diskusage";
# NOTE(review): nothing in this rule constrains the arguments or the
# environment handed to the root-run script, and the script calls its tools
# by bare name - confirm what the policy passes on (PATH in particular).
accept;
}

# cat /opt/summit/util/pb/diskusage
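#!/usr/bin/sh

##########################################################################
# Get the disk usage for all directories in /develop/home, write the
# results to a logfile, give the logfile to mcook:develop with mode 644
# and move it into the "mcook" home directory.
#
# This script is run as root through PowerBroker, so it must not rely on
# anything an unprivileged user can influence:
#   - the report is built inside a private work directory instead of
#     under a predictable name directly in /tmp. With a predictable name
#     a local user can pre-create that path as a symlink, and root would
#     then overwrite, chmod and chown whatever file it points to;
#   - PATH is set explicitly so bare command names resolve to system
#     binaries;
#   - the steps that matter are checked, so a failure stops the run
#     instead of continuing as root in an unexpected state.
##########################################################################

##########################################################################
# Set up internal script variables.
##########################################################################

PATH=/usr/bin:/usr/sbin:/bin:/sbin
export PATH
umask 077

DATE=$(date +"%m%d%y")
LOG=ulog.${DATE}
WORKDIR=/tmp/diskusage.$$

# mkdir is atomic and fails if the path already exists (symlinks included),
# so a pre-created /tmp entry can only make the run fail, never redirect it.
# With umask 077 the directory is reachable by root only.
mkdir "${WORKDIR}" || {
  echo "diskusage: cannot create ${WORKDIR}" >&2
  exit 1
}
trap 'rm -rf "${WORKDIR:?}"' EXIT
trap 'exit 1' HUP INT TERM

# Run marker. The original appended to /tmp/superrun as root, which has the
# same symlink problem as the logfile; syslog carries the same information.
logger -t diskusage "super run"

##########################################################################
# Clean up any old logfile in the destination, if present.
# rm -f is silent when the file does not exist and removes a symlink
# itself rather than its target.
##########################################################################

rm -f ~mcook/"${LOG}"

##########################################################################
# Change dir. to /develop/home and record the dir. usage.
##########################################################################

# Without this check a failed cd would make du report on whatever
# directory the script happened to start in.
cd /develop/home || {
  echo "diskusage: cannot cd to /develop/home" >&2
  exit 1
}

# "--" keeps a directory name that starts with "-" from being read as an
# option. du's own error messages are captured in the report on purpose,
# so its exit status is not treated as fatal.
du -k -s -- * > "${WORKDIR}/${LOG}" 2>&1

##########################################################################
# Make sure final ownership and permissions on the logfile
# are correct, and move the file to the "mcook" home dir.
##########################################################################

chmod 644 "${WORKDIR}/${LOG}" || exit 1
chown mcook:develop "${WORKDIR}/${LOG}" || exit 1

# NOTE(review): ~mcook is writable by mcook, so this last step is only as
# trustworthy as that account; everything before it happens in a directory
# only root can touch.
mv -f "${WORKDIR}/${LOG}" ~mcook/"${LOG}" || exit 1

exit 0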

 

 

$ pbsu2 diskusage
pbrun7.0.0-08[7056]: ERROR: The specified security file was not found.

 

Regards,

Ashutosh Singh