HPE Community
Operating System - HP-UX
1753415 Members
7201 Online
108793 Solutions
New Discussion юеВ

How Can Give a normal user read access to /tcb/files/auth/r/* ?

 
Mr.Right
Advisor

тАО12-09-2008 01:00 PM

тАО12-09-2008 01:00 PM

How Can Give a normal user read access to /tcb/files/auth/r/* ?

Hi,

I am facing a issue.

I am having HP-UX serevrs with me 11.11

I need to give one of my normal user access to /tcb/files/auth/r/.

So he can run only this command from his shell:-

1. ls -lrt /tcb/files/auth/r

2. cat /tcb/files/auth/r/*

Read access to all the files under /tcb/files/auth/r/*

Need help urgent.
0 Kudos
Reply
6 REPLIES 6
Patrick Wallek
Honored Contributor

тАО12-09-2008 01:03 PM

тАО12-09-2008 01:03 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

Why on earth do you need to do that?

That completely goes against the reason for using a trusted system.

0 Kudos
Reply
OldSchool
Honored Contributor

тАО12-09-2008 01:07 PM

тАО12-09-2008 01:07 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

since I no longer have a trusted system to look at I will only note that you give him sufficient access via chmod, it certainly won't be limited to just those commands.

installing and configuring "sudo" would allow him to access to the commands, but wouldn't (as I recall) restrict it to just that directory / those files.

0 Kudos
Reply
Mr.Right
Advisor

тАО12-09-2008 01:11 PM

тАО12-09-2008 01:11 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

I have sudoers installed in my system..

what is need to do on sudoers file to give the user the required access.
0 Kudos
Reply
Tim Nelson
Honored Contributor

тАО12-09-2008 02:08 PM

тАО12-09-2008 02:08 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

I will have to second Patrick's comment and accept the zero point slap as well.

Why would you give anyone access to read the encrypted password entries for root and/or any other userid that starts with an "r" ?

Maybe explain why, because what you are asking for circumvents security.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО12-09-2008 03:05 PM

тАО12-09-2008 03:05 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

>what is need to do on sudoers file to give the user the required access.

Your sudo thread is:
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1295555
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО12-09-2008 03:50 PM

тАО12-09-2008 03:50 PM

Re: How Can Give a normal user read access to /tcb/files/auth/r/* ?

Shalom,

Do not pass go.

Do not collect $200

Never, ever for any reason change permissions on the files in /tcb/files

There is no good reason for it.

Better to use tsconvert to make the system not trusted than do this.

If you do this your system will fail SOX, security audits and it won't be very good for you either.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.