- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Help getting swinstall restricted
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 04:33 PM
тАО02-11-2010 04:33 PM
Help getting swinstall restricted
In your experience what is the best way to restrict the use of swinstall in order to gain change management...
I'm think sudo could be a good one just want to know your opinion...
Regards!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 04:52 PM
тАО02-11-2010 04:52 PM
Re: Help getting swinstall restricted
sudo is simply a way to temporarily elevate privileges -- but there is no reason to use sudo if the sudoers file is a list of users with ALL ALL privileges. Just give the users the root password -- it accomplishes the same thing. A proper sudo file will restrict every user to a few commands, most with restricted arguments.
For instance, if a user wants to mount and umount a CD, that user is only allowed to reference the CD device file and /cdrom. Anything else and the command fails and the attempt is logged for the auditors.
Good change control carries a lot of overhead -- only certain people can do anything and only after change control approvals have been completed. Picking on swinstall is not the answer. All sysadmin tasks must be examined and then restricted to only a few.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 05:05 PM
тАО02-11-2010 05:05 PM
Re: Help getting swinstall restricted
So you think "divide and conquer" would be a good approach?
I'm actually never had used sudo, let me read tha manual and i'll be back, luckily, with more specific questions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 06:43 PM
тАО02-11-2010 06:43 PM
Re: Help getting swinstall restricted
from ur message it seems that you want to allow some users to have access to run swinstall.
Apart from sudo there are other 3rd party tools as well, one very good I worked on is powerbroker from Symark.
BR,
Kapil+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-15-2010 05:29 AM
тАО02-15-2010 05:29 AM
Re: Help getting swinstall restricted
You may want to have a look at swacl, though it may not be quite what you're looking for:
http://www.docs.hp.com/en/B2355-90692/swacl.1M.html
---
All root filesystems, software depots, and products in software depots are protected by ACLs. The SD commands permit or prevent specific operations based on whether the ACLs on these objects permit the operation. The swacl command is used to view, edit, and manage these ACLs. The ACL must exist and the user must have the appropriate permission (granted by the ACL itself) in order to modify it.
---