HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

sudo privelege for /dev/kmem

 
SOLVED
Go to solution
Vishu
Trusted Contributor

sudo privelege for /dev/kmem

Hi gurus,

 

I need to give sudo priveleges to one user iris for the below commands

 

1) echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1

2) echo 'memory_installed_in_machine/D' | adb -k /stand/vmunix /dev/mem | tail -1

 

for the first command, i have put as below in sudoers file

 

iris ALL=(root) NOPASSWD:/usr/bin/adb -k /stand/vmunix /dev/kmem,/usr/bin/echo itick_per_usec/D

 

but while executing, it is giving below error:-

 

$ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1
cannot open `/dev/kmem', errno = 13,  Permission denied

 

 

I tried by giving just /usr/bin/adb in sudoers file, but it also did not work and showing the below error

 

$ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1
Password: cannot open `/dev/kmem', errno = 13,  Permission denied

Sorry, user iris is not allowed to execute '/usr/bin/echo itick_per_usec/D' as root on ebzdbp10.

$

 

The permissions of the files are as below:-

 

 

$ ll /stand/vmunix
-rwxr-xr-x   1 root       sys        26958832 May 31  2005 /stand/vmunix
$ ls -ld /dev/kmem
crw-r-----   1 bin        sys          3 0x000001 Nov 15  2000 /dev/kmem
$

 

Please help with above both commands

 

Thanks

Vishu

1 REPLY
Matti_Kurkela
Honored Contributor
Solution

Re: sudo privelege for /dev/kmem

> $ sudo echo itick_per_usec/D | adb -k /stand/vmunix /dev/kmem | tail -1

 

This command will only run the first part (highlighted in red) with root privileges. You'll want to specify the command a bit differently:

 

echo itick_per_usec/D | sudo adb -k /stand/vmunix /dev/kmem | tail -1

 You can remove the "echo" command from the sudoers file. "echo" only writes stuff to standard output; it will never need root access for anything.

 

(If you want to redirect the output of "echo" to something that requires root privileges, you won't need the privileges for the "echo" command, but for the shell that sets up the redirection before running the actual command.)

MK