Operating System - HP-UX

Re: Create a depot with non-root user

 
Vibhor Kumar Agarwal
Esteemed Contributor

Create a depot with non-root user

Hi,

I am creating a depot with non-root user.
Giving the "run_as_superuser=false" with swpackage command starts the process successfully.

I want the files to have the permissions of the user with which the swpackage command is being run but the files should get deployed as permissions of root. This is what is troubling me.

If the permissions are of the calling user, it gets deployed with the same permissions.
The "file_permissions -o bin -g bin -m 555" tag doesn't take only "owner" & "group", it requires "mode" as well. This gives the same permissions to all files.

How can I create the depot with a non-root user, with file permissions on getting deployed as root (having calling user permissions in the package creation directory)?
Thanks
Vibhor Kumar Agarwal
23 REPLIES
F Verschuren
Esteemed Contributor

Re: Create a depot with non-root user

If this is possible there is a leak in swinstall; to do this you can use sudo to give the user (partial) root access to run swinstall.

If a normal user is able to create a depot with root files, and can install it, the user can get root privileges (and if that works there is a security leak in swinstall....)

How to implement sudo: just search for sudo or sudoers on the forum...
Vibhor Kumar Agarwal
Esteemed Contributor

Re: Create a depot with non-root user

Talking about creation of packages and not installing.

User can create packages with a non-root user, but the installation requires him to be root.
Vibhor Kumar Agarwal
Bob E Campbell
Honored Contributor

Re: Create a depot with non-root user

This is Unix... anything is possible!

Take a look at the swacl(1m) man page. It allows fine-grained control over SD-UX operations. The catch is well stated in that page:

Some operations allowed by ACLs are run as local superuser. Because files are loaded and scripts are run as superuser, granting a user write permission on a root filesystem or insert permission on a host effectively gives that user superuser privileges.


So you *can* allow users installation privileges, but anyone that can install software should be considered to have full root access.
Vibhor Kumar Agarwal
Esteemed Contributor

Re: Create a depot with non-root user

Probably you misunderstood my question.

I only want to create the depot with non-root user.

Please go through my first post, the problem is putting the right permissions in the depot files.
Vibhor Kumar Agarwal
Bob E Campbell
Honored Contributor

Re: Create a depot with non-root user

If you look at the Examples section of the swacl(1M) man page you will see several items of interest. In particular:

To allow user allen to create, register, and manage all new depots and roots on the local system:

swacl -l host -M user:allen:a
swacl -l global_soc_template -M user:allen:a
swacl -l global_product_template -M user:allen:a

To allow user allen to fully manage my_depot, which already exists:

swacl -l depot -M user:allen:a @ /my_depot
swacl -l product_template -M user:allen:a @ /my_depot
swacl -l product -M user:allen:a \* @ /my_depot
Vibhor Kumar Agarwal
Esteemed Contributor

Re: Create a depot with non-root user

Went through the swacl man page. Couldn't find the thing I am looking for.

Here is what I want:
Have a couple of files named a & b with permissions of user x. I want them to get deployed when root installs the depot as "root".
The file_permissions attribute is not helping me because it can't take the owner & group arguments alone, it requires mode as well. My files have different modes and I don't want to specify that tag for every file.
Vibhor Kumar Agarwal
Dennis Handly
Acclaimed Contributor

Re: Create a depot with non-root user

>Have a couple of files named a & b with permissions of user x. I want them to get deployed when root installs the depot as "root".

You can leave out the -m mode and use the file specification for your few root files.
All other files should have the proper modes (and owners if possible) before you use swpackage.
Bob E Campbell
Honored Contributor

Re: Create a depot with non-root user

Oh! This is a PSF question. That man page is swpackage(4) (use command "man 4 swpackage").

In the PSF you can specify attributes on a per file/directory basis. For example:

file -m 0555 -o bin -g bin /tmp /opt/swa

If you post your PSF (or an abstract) we could propose specific changes.
Vibhor Kumar Agarwal
Esteemed Contributor

Re: Create a depot with non-root user

> You can leave out the -m mode and use the file specification for your few root files.

That's exactly what I want and is not happening.

Sample psf file (of the fileset tag):
directory Test=/opt/Test
file *

Tried giving
file_permissions -o bin -g bin
but it gives an error & requires the "-m" tag as well, like below (but this disturbs my file permissions)
file_permissions -o bin -g bin -m 555

If I can somehow give "file_permissions -o bin -g bin", my problem is solved.
Options ?
Vibhor Kumar Agarwal
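
An added example, not code from any poster in this thread: one way to keep each file's own mode while forcing owner and group is to generate an explicit PSF `file` line per file, in the form shown in Bob E Campbell's post (`file -m mode -o owner -g group source destination`). The helper name `psf_file_lines` and the demo tree are constructed for illustration; `/opt/Test` is the destination from the sample PSF above. It also flags modes that deserve a second look once the files are installed by root.

```python
import os
import stat
import tempfile


def psf_file_lines(src_root, dest_root, owner="bin", group="bin"):
    """Return (lines, warnings) for the regular files under src_root.

    Each line keeps the file's own mode bits and forces owner/group, so the
    packaging user's uid/gid never ends up on files installed by root.
    Paths containing whitespace are not handled here.
    """
    lines, warnings = [], []
    for dirpath, dirnames, filenames in os.walk(src_root):
        dirnames.sort()  # deterministic output
        for name in sorted(filenames):
            src = os.path.join(dirpath, name)
            st = os.lstat(src)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files need separate handling
            mode = stat.S_IMODE(st.st_mode)
            dest = os.path.join(dest_root, os.path.relpath(src, src_root))
            lines.append("file -m %04o -o %s -g %s %s %s"
                         % (mode, owner, group, src, dest))
            if mode & (stat.S_ISUID | stat.S_ISGID):
                warnings.append("%s: setuid/setgid bit set, would run as %s:%s"
                                % (dest, owner, group))
            if mode & stat.S_IWOTH:
                warnings.append("%s: world-writable" % dest)
    return lines, warnings


if __name__ == "__main__":
    # Constructed sample tree standing in for the package creation directory.
    root = tempfile.mkdtemp()
    for name, mode in (("a", 0o644), ("b", 0o755), ("c", 0o666)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    lines, warnings = psf_file_lines(root, "/opt/Test")
    print("\n".join(lines))
    for w in warnings:
        print("WARNING: " + w)
```

The printed lines are meant to replace the `file *` entry in the fileset; review every warning before running swpackage.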