Operating System - HP-UX

Allow a person to run a command with root privilege

 
Mark Treen_1
Advisor


Hi All

They say a question is only easy if you know the answer!

I know the possibility exists, I just don't know how!!

How can I allow a 'normal' user to run a command (let's say a command to start or stop an agent) which needs root permission to run, without giving them root's password or doing it myself??

Thanks as always - you guys do a great job!

Mark
Mark Treen
Pete Randall
Outstanding Contributor

Re: Allow a person to run a command with root privilege

Download, install, and setup sudo.

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p9/


Pete

Steven E. Protter
Exalted Contributor

Re: Allow a person to run a command with root privilege

Shalom,

sudo lets you, with a simple configuration file, decide which commands to grant to which user.

It's a standard in many shops.

The program itself requires set uid privileges and the depot posted by Pete has in the past done this right, causing an install error, which you fix by manually setting the suid on the binary.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
DCE
Honored Contributor

Re: Allow a person to run a command with root privilege

sudo gives you that capability.

You grant authorizations to specific ids in a configuration file, then the user can issue a command

i.e. sudo lpshut

sudo will ask for the user's password before allowing the program to execute

The site listed in the prior answer has several helpful utilities as well as sudo
Mark Treen_1
Advisor

Re: Allow a person to run a command with root privilege

Hi Guys

I knew a little about the sudo and suid stuff but maybe I am at fault for not explaining well.

Isn't there some method whereby at the time of execution of a command, no matter who the current user is, when that command is issued, it in turn becomes issued by the owner of that file (not necessarily root) - like a switch id in the moment.

So I want user 'abc' to be able to run a command / script whose owner is 'def'.... is this possible?

Thanks Mark
Mark Treen
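The abc/def case asked about above maps onto sudo's run-as field in the sudoers file. The following is an added example, not part of any post in this thread: a constructed sudoers fragment for that case and for the agent start/stop case, with a small shell check that reports grants not limited to absolute command paths. The script path, the agent path and the function names are hypothetical, and the check assumes one rule per line with no aliases, tags or continuations.

```shell
#!/bin/sh
# Added example, not from the thread. Users abc and def come from the
# question above; the script and agent paths are hypothetical placeholders.

# Constructed sudoers fragment. Rules 1 and 2 are narrow grants; rule 3 is
# the broad grant a reviewer should catch.
sample_sudoers() {
cat <<'EOF'
# abc may run one script as def:  sudo -u def /home/def/bin/report.sh
abc ALL=(def) /home/def/bin/report.sh
# abc may start or stop the agent as root, nothing else
abc ALL=(root) /opt/agent/bin/agentctl start, /opt/agent/bin/agentctl stop
abc ALL=(ALL) ALL
EOF
}

# Read sudoers rules on stdin and print each rule that grants ALL or any
# command not given as an absolute path.
# Simplified: one rule per line; no aliases, tags or line continuations.
broad_rules() {
  while IFS= read -r line; do
    case $line in ''|'#'*|Defaults*) continue ;; esac
    cmds=${line#*=}                                # text after "host="
    case $cmds in "("*) cmds=${cmds#*")"} ;; esac  # drop the "(runas)" part
    old_ifs=$IFS; IFS=,
    set -f; set -- $cmds; set +f                   # split the list on commas
    IFS=$old_ifs
    for c in "$@"; do
      c=${c#"${c%%[! ]*}"}                         # trim leading spaces
      case $c in
        /*) ;;                                     # absolute path: fine
        *) printf '%s\n' "$line"; break ;;         # ALL or relative: report
      esac
    done
  done
}

sample_sudoers | broad_rules
```

A real sudoers file should still be edited and syntax-checked with visudo; this check only looks at how wide each grant is.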
Andy Torres
Trusted Contributor

Re: Allow a person to run a command with root privilege

I have heard some so-called security experts call sudo a security threat, and others say it is fine. Is that a myth spread by third-party software sellers (*cough*cough*Symark*cough*cough*) or is there some actual weight to the claim?

Sorry to hijack Mark's thread. I'll open my own if y'all think I should.
Andy Torres
Trusted Contributor

Re: Allow a person to run a command with root privilege

In light of Mark's further explanation, I'm inclined to recommend he check out PowerBroker, which would allow you to configure specific users to run specific commands. Mark, check it out at Symark's web site. It's not free, but very effective.
Mark Treen_1
Advisor

Re: Allow a person to run a command with root privilege

Is there no way of doing this without installing third party software?

That's what I am after...


Mark Treen
Raj D.
Honored Contributor

Re: Allow a person to run a command with root privilege

Hi Mark,

You can use sudo; there is no security threat and we are using it happily. It is designed to allow a sysadmin to give limited root privileges to users, log root activity and control users' access. With sudo there will be a sudoers file, where you need to mention the permissions, like which commands to give access to, etc.

Here is the link:

http://www.courtesan.com/sudo/download.html

Also check the readme file for details:
http://www.courtesan.com/sudo/readme.html

Logs can be found in /var/log/sudo.log and are also posted in syslog.log


cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Pete Randall
Outstanding Contributor

Re: Allow a person to run a command with root privilege

Mark,

It sounds like you need to look at using the setuid bit. Create a script that invokes the command you want the user to run, make the owner root and the group that of the user, then turn on the setuid bit. The user will gain permission to execute the command because of the group permissions and the command will run as root because of the setuid bit.

Take a look at the man page for chown.


Pete

Raj D.
Honored Contributor

Re: Allow a person to run a command with root privilege

Hi Mark,

For example, you can run commands with root access as follows:

$ sudo ioscan -fnC tape
$ sudo useradd -u 250 -s/bin/sh .....

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "