System Administration
Showing results for 
Search instead for 
Did you mean: 

sudo privelege for /dev/kmem

Go to solution
Trusted Contributor

sudo privelege for /dev/kmem

Hi gurus,


I need to give sudo priveleges to one user iris for the below commands


1) echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1

2) echo 'memory_installed_in_machine/D' | adb -k /stand/vmunix /dev/mem | tail -1


for the first command, i have put as below in sudoers file


iris ALL=(root) NOPASSWD:/usr/bin/adb -k /stand/vmunix /dev/kmem,/usr/bin/echo itick_per_usec/D


but while executing, it is giving below error:-


$ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1
cannot open `/dev/kmem', errno = 13,  Permission denied



I tried by giving just /usr/bin/adb in sudoers file, but it also did not work and showing the below error


$ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1
Password: cannot open `/dev/kmem', errno = 13,  Permission denied

Sorry, user iris is not allowed to execute '/usr/bin/echo itick_per_usec/D' as root on ebzdbp10.



The permissions of the files are as below:-



$ ll /stand/vmunix
-rwxr-xr-x   1 root       sys        26958832 May 31  2005 /stand/vmunix
$ ls -ld /dev/kmem
crw-r-----   1 bin        sys          3 0x000001 Nov 15  2000 /dev/kmem


Please help with above both commands




Honored Contributor

Re: sudo privelege for /dev/kmem

> $ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1


This command will only run the first part (highlighted in red) with root privileges. You'll want to specify the command a bit differently:


echo itick_per_usec/D | sudo adb -k /stand/vmunix /dev/kmem | tail -1

 You can remove the "echo" command from the sudoers file. "echo" only writes stuff to standard output; it will never need root access for anything.


(If you want to redirect the output of "echo" to something that requires root privileges, you won't need the privileges for the "echo" command, but for the shell that sets up the redirection before running the actual command.)