HPE Community
Operating System - HP-UX
1855286 Members
32134 Online
104109 Solutions
New Discussion

Restricted Sam HPUX version 11.00

 
SOLVED
Go to solution
Eugene Klaus
Frequent Advisor

‎06-20-2004 11:41 PM

‎06-20-2004 11:41 PM

Restricted Sam HPUX version 11.00

Sam configures user and attributes, however,
When accessing sam under user id the message
that you must be root to access sam appears.
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
7 REPLIES 7
Cheryl Griffin
Honored Contributor

‎06-20-2004 11:42 PM

‎06-20-2004 11:42 PM

Solution

Re: Restricted Sam HPUX version 11.00

When logged in as root, execute:
# sam -r

Select the non-root user that you wish to grant permissions to and enable access to those areas.

Have the user log in as themself and start sam. They will only have access to what root granted them permission to access.
"Downtime is a Crime."
0 Kudos
Cheryl Griffin
Honored Contributor

‎06-20-2004 11:45 PM

‎06-20-2004 11:45 PM

Re: Restricted Sam HPUX version 11.00

See
http://www.docs.hp.com/hpux/onlinedocs/B2355-90672/00/00/8-con.html
Granting Users Limited Access to SAM or

http://www.docs.hp.com/hpux/onlinedocs/B2355-90681/00/03/326-con.html
Restricted SAM
"Downtime is a Crime."
0 Kudos
Rajeev Shukla
Honored Contributor

‎06-20-2004 11:48 PM

‎06-20-2004 11:48 PM

Re: Restricted Sam HPUX version 11.00

Hi
To configure restricted SAM access for users, you need to login as root and then run
#sam -r
then configure the access you want to give to the particular user.
Then login as that user and run SAM to verify the SAM access for that user.

Cheers
Rajeev
0 Kudos
Sunil Sharma_1
Honored Contributor

‎06-20-2004 11:49 PM

‎06-20-2004 11:49 PM

Re: Restricted Sam HPUX version 11.00

Hi,

Configure ristricted SAM using sam -r as a root user and assign rights to different usere for different task or subtak of SAM.

then user should login and run sam and he will get his assigned rights only.
sam willnot be in path for normal user so give full path.

see more information here :
http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?admit=716493758+1087818495362+28353475&threadId=606409

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
0 Kudos
Eugene Klaus
Frequent Advisor

‎09-10-2004 01:39 AM

‎09-10-2004 01:39 AM

Re: Restricted Sam HPUX version 11.00

Thank you for your answers. Perhaps I was not clear in my question and problem. I already have configured sam as prescribed in the documentation successfully for one user.

Works fine and performed under a test logging in as non-root user and running sam,
no problem.

The next user that I set up using sam -r, fails and the error sam gives is that the user must be root to execute sam. That is the whole point of this scenario. The use
of sam -r to configure sam to accept and respond to use by a non-root user.

Question: Is there a restriction in 11.0 or
is a patch required to allow more than one user to be configured???????
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
Pete Randall
Outstanding Contributor

‎09-10-2004 01:45 AM

‎09-10-2004 01:45 AM

Re: Restricted Sam HPUX version 11.00

Eugene,

I don't have any 11.0 machines anymore, but I did test this on an 11i box. I already had one user defined in restricted SAM, so I went in (as root) and set up another. I was then able to login as that user and run SAM.

The only thing I can think of is to download and install the latest SAM patches and see if that helps.


Pete

Pete
0 Kudos
Eugene Klaus
Frequent Advisor

‎09-10-2004 02:37 AM

‎09-10-2004 02:37 AM

Re: Restricted Sam HPUX version 11.00

Thanks for the responses. It is quite bizarre. I have removed priveleges and reset
the restricted sam to function for a group
rather than an individual and now I can
run sam as the first id from a loggin but
the second id fails with the 'must be root'
message. However, if I su to the account I can run sam with either id. Progress but not quite there. Perhaps there is a patch involved. I can work around and document this as an intended security action if I can't find a patch.
I have promises to keep and miles to go before I sleep and miles to go before I sleep
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.