Operating System - HP-UX
1849610 Members
6517 Online
104044 Solutions
New Discussion

Non root users executing make_recovery

 
Dan Ryan
Advisor

Non root users executing make_recovery

I have an OPS staff that does not have root access that I want to create make_recovery tapes. I've given them a menu that invokes a script this is owned by root and has the set_uid bit set.
Script Permissions are 4750 Owner is root group is root.
The operator is a member of the root group and can execute the script.
The command in the script is :
/opt/ignite/bin/make_recovery -AvC -d /dev/rmt/5mn -b /tmp/uninstalf.recovery
Failure message are:
HP-UX System Recovery
nftw: Permission denied
make_recovery(338): Failed on /
make_recovery(346): failed on /
Validating append file
Done
make_recovery(228): make_recovery(1M) encountered a fatal error.
make_recovery(230): Please fix errors and re-try.
Cleanup

Looks like make_recovery programs are ignoring euid of the script. Any suggestions on how to make this work?

HP-UX 11.0 Ignite B.2.4.307

Thanks for your time & help.



Don't have time to do it right the first time, but always time to do it twice
4 REPLIES 4
Alan Riggs
Honored Contributor

Re: Non root users executing make_recovery

If the make_recovery subcomponents dig deeper than euid, you will probably have to use Sudo or something similar.
Ian_4
Honored Contributor

Re: Non root users executing make_recovery

run du / to get the list of subdirs -clean unnecessary data under / and try again.
Lawrence Mahan
Frequent Advisor

Re: Non root users executing make_recovery

I had the same problem. I hade to write a C routin that used the setuid and setgid funtion calls and then did a system call to run the needed scripts. The c routine has to be owned by root with the s bit set and the w bit removed for security.
Rick Garland
Honored Contributor

Re: Non root users executing make_recovery

sudo would be a good choice. In addition to running the make_recovery as root, you will get logging of the event, who did it, and when it was done.

The sudoers file can be setup to only allow the make_recovery and can be limited to a certain group of users. They can be setup to do nothing else as root except the make_recovery.