Operating System - HP-UX

Re: Security/ Permissions and Logins without sudo or restricted shell

 
SOLVED
Laurie A. Krumrey
Regular Advisor

Security/ Permissions and Logins without sudo or restricted shell

Hi all you techies!

On one of my servers (11.0 model L200) the computer operations folks have individual logins. They need this to run our 3rd-party vendor product called "Netbackup", which backs up all our other HP boxes.

I need them to be allowed to execute a few
unix commands for Netbackup. However, sudo
and restricted shell will not work for this,
(please trust me on this). Is there another
method besides restricted shell and sudo?

I have added these computer operations logins to the /etc/ftpd/ftpusers file so they cannot ftp to my other servers. Is there anything else I should do? How do I put a login timeout on specific logins, if I want them to be automatically logged off with no activity in 15 minutes?

Is there a way to monitor their accounts with
a log? I need to think like an audit and need
some help securing these logins. Yes we have
a trusted system.

many thanks..Laurie
Happiness is a choice
Sanjay_6
Honored Contributor
Solution

Re: Security/ Permissions and Logins without sudo or restricted shell

Sanjay_6
Honored Contributor

Re: Security/ Permissions and Logins without sudo or restricted shell

Hi Laurie,

you can also play with the TMOUT variable in the user environment and see if it helps.

TMOUT=1

will timeout in 60 seconds.

hope this helps.

thanks
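
An added example, not part of any post in this thread: a POSIX sh/ksh fragment that gives only selected logins the 15-minute idle logout asked about in the question. The account names in `OPERATOR_LOGINS`, the function names and the choice of /etc/profile as the place to call it are assumptions made for illustration; TMOUT is counted in seconds, so 15 minutes is 900.

```shell
# Added example: intended to be sourced from /etc/profile (assumed location).
# OPERATOR_LOGINS is a constructed list of account names; replace with real ones.
OPERATOR_LOGINS="oper1 oper2 oper3"
IDLE_SECONDS=900   # 15 minutes; the shell counts TMOUT in seconds

# Print the idle timeout (in seconds) that applies to login $1, or 0 for none.
idle_timeout_for() {
    for _u in $OPERATOR_LOGINS; do
        if [ "$_u" = "$1" ]; then
            echo "$IDLE_SECONDS"
            return 0
        fi
    done
    echo 0
}

# Set TMOUT in the current shell if login $1 is on the list.
apply_idle_timeout() {
    _t=$(idle_timeout_for "$1")
    if [ "$_t" -gt 0 ]; then
        TMOUT=$_t
        readonly TMOUT   # this shell can no longer unset or raise the value
        export TMOUT     # child shells inherit the value (not the readonly flag)
    fi
}

# In /etc/profile the only call would be:
#   apply_idle_timeout "$(logname)"
```

The readonly flag binds only the login shell, so a user who starts a child shell can change TMOUT there. The timer also runs only while the shell is waiting at its prompt, not while a foreground program such as a backup menu is open.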
Alan Riggs
Honored Contributor

Re: Security/ Permissions and Logins without sudo or restricted shell

You can use ACLs to give the users execute permissions for the netbackup commands. Note: ACLs are not supported under JFS version 3. You will have to have JFS version 3.3 (or install netbackup in an hfs filesystem).
Craig Rants
Honored Contributor

Re: Security/ Permissions and Logins without sudo or restricted shell

How about turning netbackup into a Custom Application inside Sam and giving them restricted Sam access?

Just a thought, don't know if it will work based on the info you gave about your app.

C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Sanjay_6
Honored Contributor

Re: Security/ Permissions and Logins without sudo or restricted shell

Hi Laurie,

Take a look at this thread. You can try this to give a user the su capability to run a specific job.

http://us-support.external.hp.com/cki/bin/doc.pl/sid=d85d13961b1e1a14dd/screen=ckiDisplayDocument?docId=200000007948551

Hope this helps.

thanks
John Payne_2
Honored Contributor

Re: Security/ Permissions and Logins without sudo or restricted shell

You need them to run a few UNIX commands besides the Netbackup stuff? Or just run stuff inside netbackup? Is it possible to just give them access to the commands? i.e. possibly copy the commands to another location in the system, give their group ownership (and privilege) and point their PATHs to that directory. It depends on the commands in question and whether they can get the command to run as themselves.

John
Spoon!!!!