HPE Community
Operating System - HP-UX
1833920 Members
4709 Online
110063 Solutions
New Discussion

root privilege commands

 
subhashni
Regular Advisor

‎06-17-2004 04:47 AM

‎06-17-2004 04:47 AM

root privilege commands

Hi,
By any chance ,can unix users(non root) use or manipulate the following commands
1.shutdown
2.init
3.syslogd (kill and rerun)
4.stop.
If so how?
I appriciate your help.

Thanks
unix4me
0 Kudos
Reply
5 REPLIES 5
Sridhar Bhaskarla
Honored Contributor

‎06-17-2004 04:52 AM

‎06-17-2004 04:52 AM

Re: root privilege commands

Hi,

Except for shutdown, they will not be able to execute these commands except 'stop'. There isn't any command called stop. I believe you meant /sbin/init.d/<script> stop.

If you want them to execute these commands, then you would need to setup 'sudo'. You will need to configure these commands in the sudoers file, the configuration file that sudo uses to grant permissions. Look at the following URL to download.

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.7p5/

You have to be bit careful while configuring the sudoers file as you may inadvertantly open up security holes.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-17-2004 05:16 AM

‎06-17-2004 05:16 AM

Re: root privilege commands

You may get a suggestion to simply change the /etc/passwd file for as particular user so their UID=0. Don't do it! Huge mistakes will occur and it is a very serious security breach. Just download sudo and grant the specific commands to the user (don't use ALL).


Bill Hassell, sysadmin
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎06-17-2004 05:24 AM

‎06-17-2004 05:24 AM

Re: root privilege commands

Look at sudo or even restricted SAM.

sam -r

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
R. Sri Ram Kishore_1
Respected Contributor

‎06-17-2004 05:35 AM

‎06-17-2004 05:35 AM

Re: root privilege commands

Hi,

Yes, as others have pointed out, Sudo is a great tool to achieve this. Sudo is part of the Internet Express suite of products, which can be downloaded from:
For HP-UX 11.23: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123
For HP-UX 11.11:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

HTH.
Regards,
Sri Ram
"What goes up must come down. Ask any system administrator."
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-17-2004 05:47 AM

‎06-17-2004 05:47 AM

Re: root privilege commands

sudo will achieve your goal.

I will say that its okay to allow other users to use shutdown under certain circumstances. its probably not a great idea to let a regular user run the init command.

init changes the system run level and executes a bunch of start and stop scripts.

If oracle starts at run level 4 and you let Joe Schmobagel bring the system to run level 3 that shuts downt he database.

You have to be extremely careful how you strucuture your system.

If you give a user init they can do an init 0 and shut the whole system down. How well are these people trained and if you are giving them this much power, why not the root password?

We sysadmins exist for a reason. One of those reasons is because we know the impact of the commands we're talking about here.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.