HPE Community
Operating System - HP-UX
1826149 Members
4389 Online
109690 Solutions
New Discussion

Lockword/Passwrd to some files.

 
harry_7
Frequent Advisor

‎01-08-2002 10:05 PM

‎01-08-2002 10:05 PM

Lockword/Passwrd to some files.

Hi All,

Is it possible we can put password to the some of the most critical commands. So before executing we have to put some password or lockword like in the HP3000.

like executing to 'reboot' command system has to ask to the operator do you want or enter the password like...

Regards

Harpreet Singh
0 Kudos
Reply
2 REPLIES 2
Michael Tully
Honored Contributor

‎01-08-2002 10:18 PM

‎01-08-2002 10:18 PM

Re: Lockword/Passwrd to some files.

Hi Harpreet,

You can place a password within a text file but
not in a unix binary program.

The best way would be to set up 'sudo' so that
you can allow certain users to run certain
functions should you choose. Each program before it is run would require a password, if it is set up correctly.

You can get an already compiled version of 'sudo' from the HP porting centre.

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.2b1/

HTH
-Michael
Anyone for a Mutiny ?
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎01-08-2002 10:34 PM

‎01-08-2002 10:34 PM

Re: Lockword/Passwrd to some files.

Hi,

One quick easy method is to use restricted sam (which comes built-in with HP-UX).

Execute the following to configure restricted sam:

# sam -r

From restricted sam, you can add scripts to be in the sam menu and specify the users who can run these privileged programs as root.

For the user, they just need to execute sam to see the restrictive sam menu items they can in sam. Note that /usr/sbin must be in the user's PATH setting if they do not specify the pathname /usr/sbin/sam in full.

user> sam

Example of a script you can link from restricted sam to perform what you required is:

==========================================
#!/sbin/sh

echo "Enter password to execute $0\n"
stty -echo
read PASS
stty echo

if [ "$PASS" != "the_passwd" ]
then
echo "Wrong password entered!"
exit 1
else
/usr/sbin/reboot
fi
==========================================

Set this script to read-executable by root ie. -rwx------ so that other user accounts cannot read the contents.

With restricted sam, the user can only execute the script with root privileges but cannot read the script.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.