Operating System - HP-UX

How to control user's privilege?

 
SOLVED
Ryan Gu
Frequent Advisor

I want to limit some users' privileges.
For example:
a system administrator: root
an application administrator: appctl
a server startup and shutdown user: operator

I want the user operator to have execute privilege for only some commands:
1. shutdown
2. ping
3. traceroute
4. netstat

I don't want him to execute commands such as vi, mkdir, rmdir, etc.

How can I do this?
Ryan Gu
3 REPLIES
RAC_1
Honored Contributor
Solution

Re: How to control user's privilege?

You can use sudo, which can give rights to a
particular user to execute a particular command.

For startup and shutdown, you can configure /etc/shutdown.allow file and put users there.
There is no substitute to HARDWORK
Adisuria Wangsadinata_1
Honored Contributor

Re: How to control user's privilege?

Hi,

Use SUDO, available at the URL below:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p9/

This is a package to allow commands to be run as the superuser. From the description:

"Sudo determines who is an authorised user by consulting your /etc/sudoers database. The program prompts for a user's password to initiate a validation period of N minutes, here N is defined at installation time. N.B. There is no easy way to prevent a user from gaining a root shell if he has access to commands that are shell scripts or that allow shell escapes."

Hope this information can help you.

Cheers,
AW
now working, next not working ... that's unix
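Added example, not part of any reply in this thread: a small Python audit of sudoers text that reports, for one user, the entries the quoted sudo description warns about (commands that allow shell escapes, shell scripts) plus unrestricted or non-absolute entries. The sample rules, the command paths, the `appctl` rule and the `SHELL_ESCAPES` list are constructed assumptions, and the parser covers only a simplified subset of the sudoers grammar.

```python
import re

# Constructed sample sudoers text, not taken from the thread. Command paths
# are assumed locations; confirm each one on the target host.
SAMPLE = """\
Cmnd_Alias OPER_CMDS = /usr/sbin/shutdown, /usr/sbin/ping, \\
                       /usr/contrib/bin/traceroute, /usr/bin/netstat
operator ALL = (root) OPER_CMDS
appctl   ALL = (root) /usr/bin/vi /etc/app.conf, /opt/app/bin/restart.sh, ALL
"""

# Programs that can start a shell from inside (illustrative, not exhaustive).
SHELL_ESCAPES = {"vi", "view", "ex", "ed", "more", "less", "man", "ftp",
                 "sh", "ksh", "csh"}

def audit(text, user):
    """Return sorted (command, reason) findings for one user's sudoers rules.

    Simplified parser: handles Cmnd_Alias, line continuations, one optional
    (runas) spec and tags such as NOPASSWD:, not the full sudoers grammar.
    """
    text = re.sub(r"\\\n\s*", " ", text)              # join continued lines
    aliases, findings = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if not m or m.group(1) != user:
            continue
        for item in m.group(2).split(","):
            item = re.sub(r"^(\w+:\s*)+", "", item.strip())   # strip tags
            for cmd in aliases.get(item, [item]):
                if not cmd.strip():
                    continue                          # ignore empty entries
                prog = cmd.split()[0]
                name = prog.rsplit("/", 1)[-1]
                if prog == "ALL":
                    findings.append((cmd, "unrestricted: any command"))
                elif not prog.startswith("/"):
                    findings.append((cmd, "not an absolute path"))
                elif name in SHELL_ESCAPES:
                    findings.append((cmd, "program allows shell escapes"))
                elif name.endswith(".sh"):
                    findings.append((cmd, "shell script"))
    return sorted(findings)
```

The scoped `operator` rule produces no findings, while the constructed `appctl` rule is flagged three times. sudo only decides what a user may run as another user, so this audit says nothing about what `operator` can run under his own account.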
Zigor Buruaga
Esteemed Contributor

Re: How to control user's privilege?

Hi,

In addition, you can use Restricted SAM. As "root", type "sam -r" and then you can define what the users can do in SAM.
Let's say you choose to configure the user "operator". Then disable all the menus you don't want him/her to use, and enable the ones you want (in "normal" SAM, as root, you can define previously new groups for your own scripts).
You can even change the default shell for the operator, and put instead the path to SAM, so once logged in he/she can only see the restricted SAM.
Only an idea to play with ...

Regards,
Zigor