HPE Community
Operating System - HP-UX
1833059 Members
2526 Online
110049 Solutions
New Discussion

Can non-root user execute /sbin/ioscan?

 
SOLVED
Go to solution
Jun Zhang_4
Regular Advisor

‎10-03-2003 07:14 AM

‎10-03-2003 07:14 AM

Can non-root user execute /sbin/ioscan?

I set that file 4777, an ordinary user still cannot execute the command. Please help.
Food lover
0 Kudos
Reply
6 REPLIES 6
Brian Bergstrand
Honored Contributor

‎10-03-2003 07:19 AM

‎10-03-2003 07:19 AM

Solution

Re: Can non-root user execute /sbin/ioscan?

You've just opened your system for a huge trojan.

If you must allow normal users (and I don't know why), then try 2555 perms and make sure the file is owned by root: chown root /sbin/ioscan.

You may also want to investigate using sudo as you can restrict which users can use it and you have an audit trail.

HTH.
Reply
Brian Bergstrand
Honored Contributor

‎10-03-2003 07:22 AM

‎10-03-2003 07:22 AM

Re: Can non-root user execute /sbin/ioscan?

Sorry, that should be 4555, not 2555. Just get rid of the write perms.

ioscan is owned by bin so change the owner to root as I suggested and your users will be able to run it.

HTH.
0 Kudos
Reply
Sundar_7
Honored Contributor

‎10-03-2003 07:25 AM

‎10-03-2003 07:25 AM

Re: Can non-root user execute /sbin/ioscan?

Hi,

sure non-root user can execute ioscan.. u dont have to modify the permission.

just use the -k option

$ ioscan -fnk

Without -k option ioscan tries to refresh the kernel with the status of the devices. With -k opton it just queries the kernl memory and displays.

Sundar

Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Mark Grant
Honored Contributor

‎10-03-2003 07:25 AM

‎10-03-2003 07:25 AM

Re: Can non-root user execute /sbin/ioscan?

Actually I believe 4555 is more likely to work as this will set the setuid bit whereas 2555 will set the guid bit (6555 for both). I think Brian has a good point when he says that you shouldn't really do this and sudo is a much better option.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
Brian Bergstrand
Honored Contributor

‎10-03-2003 07:35 AM

‎10-03-2003 07:35 AM

Re: Can non-root user execute /sbin/ioscan?

Sundara's option is better than anything else. I completly forgot about that. With -k you don't have to change anything.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎10-03-2003 07:54 AM

‎10-03-2003 07:54 AM

Re: Can non-root user execute /sbin/ioscan?

No.

You get an error accessing /dev/config

If you open up permissions there you might as well just wipe the whole box out.

This is a HUGE security problem. ioscan is an admin tool. Anyone that uses it should be trusted with the root password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.