HPE Community
Operating System - HP-UX
1826466 Members
2357 Online
109692 Solutions
New Discussion

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

 
Michael Mtweve
Occasional Advisor

‎04-20-2006 01:25 AM

‎04-20-2006 01:25 AM

HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

HI,

I need to assign certain users in HP-UNIX 11.23 to execute privileged commands like ROOT user, example to shutdown the system.

How can I set it in the system?

regards,

Mike
0 Kudos
Reply
6 REPLIES 6
Patrick Wallek
Honored Contributor

‎04-20-2006 01:33 AM

‎04-20-2006 01:33 AM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

Why someone other than root would need to shut down a system is beyond me, but anyway....

To allow someone to use the shutdown command you can add their user id to the /etc/shutdown.allow file.

If you need to allow them to do other root-type commands, then your best bet is to install sudo.

http://www.courtesan.com/sudo

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p12/
0 Kudos
Reply
Tom Henning
Trusted Contributor

‎04-20-2006 10:56 PM

‎04-20-2006 10:56 PM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

I am in aggreement with Patrick, and recommend using sudo to allow normal users access to specific root command. Sudo has the advantage of logging it's use so that later on you can figure out just what happened.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎04-20-2006 11:34 PM

‎04-20-2006 11:34 PM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

Good news. At 11.23 you can use RBAC
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AccessControl and it's free.

HP-UX Role-based Access Control (RBAC) is an alternative to the traditional "all-or-nothing" root user model, which grants permissions to the root user for all operations, and denies permissions to non-root users for certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to non-root users and groups.
"Downtime is a Crime."
0 Kudos
Reply
Devender Khatana
Honored Contributor

‎04-20-2006 11:36 PM

‎04-20-2006 11:36 PM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

Hi,

sudo is the best way to achive this and is also available on Internet Express media received alongwith software updates or system.

Allthough shutdown permission can also be allowed to a normal user by entering his username in /etc/shudown.allow command.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Reply
Michael Mtweve
Occasional Advisor

‎04-21-2006 12:15 AM

‎04-21-2006 12:15 AM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

Hi,
I edited the /etc/shutdown.allow file by adding one user.
hen I tried to shut down the system it still complain that the user has no rights to shut down.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-21-2006 12:20 AM

‎04-21-2006 12:20 AM

Re: HOW TO SET PERMISSION FOR NORMAL USER TO EXECUTE PRIVILEGED COMMANDS

Hi Mike:

Entriies in the '/etc/shutdown.allow' file must specify the hostname and the username, as for example:

mysystem me

See the manpages for 'shutdown(1M)' for more information.

Regards!

...JRF...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.