Operating System - HP-UX
1748081 Members
5151 Online
108758 Solutions
New Discussion юеВ

Sam customization or restricting sam user access

 
Medavie
Valued Contributor

Sam customization or restricting sam user access

I am looking to see if there is a way to add custom scripts to SAM, that are interactive. IE: A script to add users, but the SAM application would need to be able to accept standard input from an interactive shell scrip.

Altertively I would like more granular control over the "Accounts for Users and Groups" menu, to restrict what can be done in there.
6 REPLIES 6
Vishu
Trusted Contributor

Re: Sam customization or restricting sam user access

HI,

you can use the following command

# sam -r

with this, you can provide the restricted access of SAM areas to the specific users.
Tim Nelson
Honored Contributor

Re: Sam customization or restricting sam user access

You can also create custom groups and actions that can execute your scripts.

this is a great way not to have to write menus and a secure way to run scripts as root ( assuming you write secure scripts ).

In a past life we used it mainly to delegate user password resets to our Help Desk.


Emil Velez
Honored Contributor

Re: Sam customization or restricting sam user access

remember sam is not present in 11.31

May want to consider sudo or RBAC
Md. Farhan A Azam
Trusted Contributor

Re: Sam customization or restricting sam user access

>>remember sam is not present in 11.31<<

We have RX series server with 11.31, and sam is also present.


thnx...farhan
Medavie
Valued Contributor

Re: Sam customization or restricting sam user access

Tim,

"You can also create custom groups and actions that can execute your scripts.
this is a great way not to have to write menus and a secure way to run scripts as root ( assuming you write secure scripts ).
In a past life we used it mainly to delegate user password resets to our Help Desk"

Were you able to get these scripts to accept STDIN? My tests of this using the shell script read statement does not work when adding applications in the SMH/Settings/Add Custom menu. The script runs and gives output, but does not accept STDIN parameters or prompts from the read syntax. ($1, etc)

thanks
Howard Bryden_3
New Member

Re: Sam customization or restricting sam user access

<< Were you able to get these scripts to accept STDIN? My tests of this using the shell script read statement does not work when adding applications in the SMH/Settings/Add Custom menu. The script runs and gives output, but does not accept STDIN parameters or prompts from the read syntax. ($1, etc) >>

It seems the way to launch an application that may require input is to specify a run command of the form

/usr/bin/X11/dtterm -e commandline

i.e. spawn a terminal at the desktop (which of course must be running something like Reflection/X) and run the command in that environment. The command line argument to -e is unquoted, i.e. the first word is the command, anything after that is an argument thereto. Quoting appears to apply, i.e.

/usr/bin/X11/dtterm -e command 1 "2 3" 4

will pass the 2d argument as the string "2 3" and the 3d argument as "4".

As is the case with utilities like cron and su, the environment is a basic one; to get the full login environment, I found this did the trick:

/usr/bin/X11/dtterm -e /usr/bin/sh -c '. /etc/profile; ~/.profile; command'


Frankly I'd have thought there was still a place for _restricted_ SAM in the v3 distro, that part of it was quite a neat GUI/TUI wrapper for su.
Rocky: "... we've got to think!" / Bullwinkle: "There must be an easier way than that."