12-21-2006 01:48 AM
HP-UX RBAC Configuration problem
I need some help (sorry in advance for the long post, but I think that will help make the question clearer).
I've got the following problem configuring RBAC. I made a script /tmp/test1 with the /usr/bin/pwd command in it. Using the RBAC commands I made a role ScriptsOperator, assigned the role to user3, added the authorization custom.script, used cmdprivadm to add the file /tmp/test1 to /etc/rbac/cmd_priv, and finally, when I tried to execute the script with the command:
privrun -v /tmp/test1
it says execution of command failed.
Here are the results from my terminal:
root@saruman:/tmp# ll /tmp/test1
-rwxrwxrwx 1 root sys 4 Dec 21 15:37 /tmp/test1
root@saruman:/tmp#
root@saruman:/tmp# more /tmp/test1
/usr/bin/pwd
root@saruman:/tmp#
root@saruman:/tmp# roleadm list
root:Administrator
user1:FileSystemOperator
user2:MailOperator
user3:ScriptsOperator
root@saruman:/tmp#
root@saruman:/tmp# authadm list
Administrator: (hpux.*, *)
MailOperator: (hpux.network.service.stop, *) (hpux.network.service.start, *)
FileSystemOperator: (hpux.fs.unmount, *) (hpux.fs.mount, *)
ScriptsOperator: (custom.script, *)
root@saruman:/tmp#
root@saruman:/tmp#
I added the authorization with:
root@saruman:/tmp# cmdprivadm add file=/tmp/test1 op=custom.script object='*' ruid=0 euid=0 rgid=0 egid=0 flags=edit
/tmp/test1::(custom.script,*):0/0/0/0::::edit
cmdprivadm added the entry to /etc/rbac/cmd_priv
root@saruman:/tmp# su user3
root@saruman:/tmp# whoami
user3
root@saruman:/tmp#
root@saruman:/tmp# /tmp/test1
/tmp
root@saruman:/tmp# privrun -v /tmp/test1
privrun: user user3 intends to execute command /tmp/test1
privrun: input entry: '/tmp/test1:dflt:(,):///:dflt:dflt::'
privrun: found matching entry: '/tmp/test1:dflt:(custom.script,*):0/0/0/0:dflt:dflt::edit'
privrun: passed authorization check
privrun: attempting to set ruid/euid/rgid/egid to 0/0/0/0
privrun: current settings for ruid/euid/rgid/egid are 0/0/0/0
privrun: executing: /tmp/test1
privrun: execution of command failed
12-21-2006 02:07 AM
Re: HP-UX RBAC Configuration problem
Use:
cmdprivadm add cmd=/tmp/test1
regards,
ivan
12-21-2006 02:32 AM
Re: HP-UX RBAC Configuration problem
Hi, I made it but the result is the same:
root@saruman:/tmp# cmdprivadm add cmd=/tmp/test1 op=custom.script object='*' ruid=0 euid=0 rgid=0 egid=0 flags=edit
/tmp/test1::(custom.script,*):0/0/0/0::::edit
cmdprivadm added the entry to /etc/rbac/cmd_priv
root@saruman:/tmp#
root@saruman:/tmp#
root@saruman:/tmp# rbacdbchk
root@saruman:/tmp# roleadm list
root:Administrator
user1:FileSystemOperator
user2:MailOperator
user3:ScriptsOperator
root@saruman:/tmp#
root@saruman:/tmp#
root@saruman:/tmp# authadm list
Administrator: (hpux.*, *)
MailOperator: (hpux.network.service.stop, *) (hpux.network.service.start, *)
FileSystemOperator: (hpux.fs.unmount, *) (hpux.fs.mount, *)
ScriptsOperator: (custom.script, *)
root@saruman:/tmp#
root@saruman:/tmp#
root@saruman:/tmp# su user3
root@saruman:/tmp# more test1
/usr/bin/pwd
root@saruman:/tmp# /tmp/test1
/tmp
root@saruman:/tmp# privrun -v /tmp/test1
privrun: user user3 intends to execute command /tmp/test1
privrun: input entry: '/tmp/test1:dflt:(,):///:dflt:dflt::'
privrun: found matching entry: '/tmp/test1:dflt:(custom.script,*):0/0/0/0:dflt:dflt::edit'
privrun: passed authorization check
privrun: attempting to set ruid/euid/rgid/egid to 0/0/0/0
privrun: current settings for ruid/euid/rgid/egid are 0/0/0/0
privrun: executing: /tmp/test1
privrun: execution of command failed
12-21-2006 02:38 AM
Re: HP-UX RBAC Configuration problem
ivan
12-21-2006 03:14 AM
Re: HP-UX RBAC Configuration problem
root@saruman:/tmp# privrun -v -v /tmp/test1
privrun: user user3 intends to execute command /tmp/test1
privrun: input entry: '/tmp/test1:dflt:(,):///:dflt:dflt::'
privrun: found matching entry: '/tmp/test1:dflt:(custom.script,*):0/0/0/0:dflt:dflt::edit'
privrun: passed authorization check
privrun: attempting to set ruid/euid/rgid/egid to 0/0/0/0
privrun: current settings for ruid/euid/rgid/egid are 0/0/0/0
privrun: executing: /tmp/test1
privrun: execution of command failed
root@saruman:/tmp#
As you can see, privrun passed the authorization check;
the problem is when it tries to execute the script.
Regards,
01-03-2007 10:19 AM
Re: HP-UX RBAC Configuration problem
I think your issue here is that the 'script' doesn't include an interpreter, e.g. something like '#!/usr/bin/ksh' on the first line. Just generally, this is required, otherwise you don't really have a script, just a text file with the executable bit set.
This isn't a privrun specific thing, and will happen with any exec'ing application that doesn't have additional logic to assume an interpreter. (What happens is that ksh is 'lax', and will automagically run a 'script' without an explicit interpreter. Not all shells do this, so in general, it's a bad idea.)
Cheers,
--Ron
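The behaviour described in the reply above can be reproduced without RBAC. The C program below is an added example, not code from the thread or from HP: it execs a one-line file with and without an interpreter line and reports the resulting errno, then repeats the first case with a shell-style fallback. The helper names, the use of /bin/sh in place of ksh, and a POSIX/Linux host instead of HP-UX are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork and exec `path` directly. Returns 0 if an exec succeeded, otherwise
 * the errno of the failed execv(). With lax != 0 the child retries through
 * /bin/sh on ENOEXEC, which is the extra logic a forgiving shell supplies. */
static int try_exec(const char *path, int lax)
{
    int fds[2], err = 0;
    if (pipe(fds) != 0) return errno;
    fcntl(fds[1], F_SETFD, FD_CLOEXEC);   /* write end closes on a successful exec */
    pid_t pid = fork();
    if (pid < 0) { err = errno; close(fds[0]); close(fds[1]); return err; }
    if (pid == 0) {                       /* child */
        char sh[] = "sh";
        char *direct[] = { (char *)path, NULL };
        char *via_sh[] = { sh, (char *)path, NULL };
        close(fds[0]);
        execv(path, direct);              /* plain exec, no interpreter guessing */
        if (errno == ENOEXEC && lax)
            execv("/bin/sh", via_sh);     /* hand the file to a shell instead */
        err = errno;
        if (write(fds[1], &err, sizeof err) < 0) _exit(126);
        _exit(127);
    }
    close(fds[1]);
    if (read(fds[0], &err, sizeof err) != (ssize_t)sizeof err)
        err = 0;                          /* EOF on the pipe: the exec went through */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return err;
}

/* Write `body` to a fresh mode-0700 file, try to exec it, then remove it.
 * A second directory is tried if the first is unwritable or mounted noexec. */
static int exec_result_for(const char *body, int lax)
{
    const char *dirs[] = { ".", "/tmp" };
    int err = EACCES;
    for (size_t i = 0; i < 2 && err == EACCES; i++) {
        char path[64];
        snprintf(path, sizeof path, "%s/rbac_demo_XXXXXX", dirs[i]);
        int fd = mkstemp(path);
        if (fd < 0) continue;
        int ok = write(fd, body, strlen(body)) >= 0 && fchmod(fd, 0700) == 0;
        close(fd);
        if (ok) err = try_exec(path, lax);
        unlink(path);
    }
    return err;
}

int main(void)
{
    /* Constructed inputs: the first mirrors the one-line /tmp/test1 from the thread. */
    printf("no interpreter line, plain exec : %s\n", strerror(exec_result_for("/usr/bin/pwd\n", 0)));
    printf("with #!/bin/sh, plain exec      : %s\n", strerror(exec_result_for("#!/bin/sh\n/usr/bin/pwd\n", 0)));
    printf("no interpreter line, sh fallback: %s\n", strerror(exec_result_for("/usr/bin/pwd\n", 1)));
    return 0;
}
```

Separately from the exec failure, the listing in the first post shows /tmp/test1 as -rwxrwxrwx while its cmd_priv entry sets ruid/euid to 0, so once the interpreter line is added the script should also be root-owned, not writable by other users, and kept outside /tmp.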
11-15-2007 01:17 AM