topic Re: User Privileges in Operating System - HP-UX

User Privileges

Oliver McNamee_2 — Wed, 05 Mar 2003 17:22:55 GMT

Hi,

May sound like a stupid question, but does anyone know of a safe and secure method of allowing a normal user to perform
administration tasks.

Tasks, such as creating/managing/deleting user accounts and printers.

We need to restrict root access to our hp-ux servers.

Any help/suggestions/advice very much appreciated.

Regards
Oliver

Re: User Privileges

Paul Sperry — Wed, 05 Mar 2003 17:26:06 GMT

use sudo or super

sudo-1.6.6
A package to allow commands to be run as the superuser. Sudo determines who is an authorised user by consulting your /etc/sudoers database. The program prompts for a user's password to initiate a validation period of N minutes, here N is defined at installation time. N.B. There is no easy way to prevent a user from gaining a root shell if he has access to commands that are shell scripts or that allow shell escapes.
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

super-3.9.7
Super allows users to execute commands as a superuser. It can restrict which users on which hosts are allowed to execute setuid-root programs on a per-program and per-user basis. It is not restricted to running a program as root, it allows named users to execute programs as other users.
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/super-3.9.7/

Re: User Privileges

Pete Randall — Wed, 05 Mar 2003 17:26:20 GMT

You need to take a look at sudo, available from the porting and archive center:

http://hpux.connect.org.uk/

Pete

Re: User Privileges

Pete Randall — Wed, 05 Mar 2003 17:27:01 GMT

You could also look at restricted SAM (sam -r)

Pete

Re: User Privileges

Michael Steele_2 — Wed, 05 Mar 2003 17:46:34 GMT

That's what SAM was made for, restricted root access for users that want to "BEROOT".