
SUDO ??

 
Amit Dixit_2
Regular Advisor

SUDO ??

Hi,
What is sudo, and what is the difference between
having multiple UIDs set to "0" and having
sudo installed on the system?

Is there any other way to have
Role Based Access Control (RBAC) under HP-UX?

Currently I have 2 logins with uid "0",
but when I give the "ls" command it displays
the owner of the file created by mylogin as
root, since my login uid is "0", but the group is
users.
Why is it so?

Can anyone please explain to me why it is so?

Thanks,
Amit
MarkSyder
Honored Contributor

Re: SUDO ??

With sudo you can give users a subset of root commands without giving them access to all root commands. Additionally, sudo keeps a log of all tasks carried out by users in a sudo session.

Mark Syder (like the drink but spelt different)
The triumph of evil requires only that good men do nothing
Massimo Bianchi
Honored Contributor

Re: SUDO ??

Hi,
having multiple users with id "0" is a common practice, but not correct.

As in your case, all the files come up as the first user with id "0" in the /etc/passwd, which is root like in your example.


sudo is the right way to let every user, including non-root users, execute privileged commands.

sudo lets a configured user run with eid "0".

If you want further control over what users can do, look also at Access Control Lists; they can enhance the security a lot.

HTH,
Massimo
Kent Ostby
Honored Contributor

Re: SUDO ??

You can get sudo off of the Utah site.

Packages for hp-ux are located at:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/
"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
john kingsley
Honored Contributor
Solution

Re: SUDO ??

sudo allows non-root users to run system commands as root. When you configure sudo, you can specify a list of commands, and a list of users who are allowed to use them as root.

By giving a user access to a UID=0 account, you are giving them root access to everything. With sudo, you can give a user root access to a limited number of commands, and you can control which commands they have root access to.

I am not aware of RBAC under HP-UX, but would love to see HP include it in a future release.

The system tracks users by their uid, not by their user name. So, when you have duplicate uids listed in the password file, the system will always associate file ownership with the first user with this uid in the password file.
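
The ownership behaviour described above can be checked with a short audit. This is an added example, not part of the original post: the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for logins that share a UID.
# The first entry for a UID is the name that ls -l displays as owner;
# later entries with the same UID are reported as aliases of it.

# audit_dup_uids [FILE...]   (reads standard input when no FILE is given)
# Prints one line per extra login: "<uid> <first-name> <alias> <alias-gid>"
# Returns 1 if any login besides the first one has UID 0, otherwise 0.
audit_dup_uids() {
    awk -F: '
        /^#/ || NF < 4 { next }      # skip comments, blank and short lines
        {
            uid = $3
            if (uid in first) {
                # The alias keeps the GID from its own passwd entry.
                printf "%s %s %s %s\n", uid, first[uid], $1, $4
                if (uid ~ /^0+$/) extra_root = 1
            } else {
                first[uid] = $1
            }
        }
        END { exit extra_root + 0 }
    ' "$@"
}

# Constructed sample data (not taken from any real system).
make_sample_passwd() {
    cat <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
amit:*:0:20:Amit:/home/amit:/usr/bin/sh
oper:*:0:20:Operator:/home/oper:/usr/bin/sh
informix:*:201:201::/home/informix:/usr/bin/sh
ifxadm:*:201:201::/home/ifxadm:/usr/bin/sh
EOF
}

# Demo on the sample; on a real system run: audit_dup_uids /etc/passwd
make_sample_passwd | audit_dup_uids ||
    echo "WARNING: more than one login has UID 0"
```

Each reported alias is indistinguishable from the first name in file ownership and in any log that records only the UID, which is the accountability gap that per-user sudo rules close.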
Amit Dixit_2
Regular Advisor

Re: SUDO ??

Hi,
I have downloaded and installed sudo.
Does anyone have a good doc to configure it?

Say I have the login "amit".
I want this user to be able to perform some specific
application start/stop and Informix install.

How can I configure amit through sudo
for the same?

Thanks,
Amit
Ermin Borovac
Honored Contributor

Re: SUDO ??

The sudo and sudoers man pages are very useful.

Here are some quick notes.

To establish access control you first edit the sudo config file (called sudoers) with visudo. visudo provides locking (similar to vipw) and also checks the sudoers file syntax.

The following sudoers entry enables user amit to run (as root) /sbin/init.d/xfs with stop and start arguments on a system called hpux.

Host_Alias HPUX = hpux
Cmnd_Alias XFS_STOP = /sbin/init.d/xfs stop
Cmnd_Alias XFS_START = /sbin/init.d/xfs start

amit HPUX = (root) XFS_STOP, XFS_START

User amit can list allowed commands with sudo -l.

When logged in as amit you can restart xfs as follows. When asked to provide a password, type the password for the amit account (not root).

amit@hpux$ sudo /sbin/init.d/xfs stop
amit@hpux$ sudo /sbin/init.d/xfs start

Do not give users sudo access to commands such as vi, chown and chmod, as they can easily get access to a root shell.
Dorothee Singer
Frequent Advisor

Re: SUDO ??

hi amit,
there is also a nice introduction on the following site - for me it was helpful for the first steps (just to understand how it works and so on):

http://www.komar.org/pres/sudo/toc.html

hope this helps!
doro
Computers make very fast, very accurate mistakes