HPE Community
Operating System - HP-UX
1834527 Members
2622 Online
110068 Solutions
New Discussion

umount nfs filesystem as user, not root

 
SOLVED
Go to solution
Michael Dernbach
Occasional Contributor

‎03-11-2003 04:14 AM

‎03-11-2003 04:14 AM

umount nfs filesystem as user, not root

I wrote a script for standard-user to mount and umount a nfs-filesystem. The mount works, but to unmount doesn't operate. I get the following message:
"nfs umount: main: not super user"
The script, I wrote, belongs root and a group where the user is member. The script has the permission 4755 (rwsr-xr-x). How can I make to umount work?
0 Kudos
Reply
6 REPLIES 6
Pete Randall
Outstanding Contributor

‎03-11-2003 04:33 AM

‎03-11-2003 04:33 AM

Re: umount nfs filesystem as user, not root

In a similar situation, we change the permissions on the command we wish to use (kill in our case) within the script, in order to let the non-root user execute that command. The script is -rwsr-x---, the kill command is changed with "chmod 4555 /bin/kill", and changed back with "chmod 555 /bin/kill".


Pete

Pete
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎03-11-2003 04:37 AM

‎03-11-2003 04:37 AM

Re: umount nfs filesystem as user, not root

Here you go.

1) Restricted sam (sam -r) to set up.

Add umount to the user's command set.

2) Use sudo
Support Fatherhood - Stop Family Law
Reply
Michael Dernbach
Occasional Contributor

‎03-11-2003 05:06 AM

‎03-11-2003 05:06 AM

Re: umount nfs filesystem as user, not root

Dear Pete, to change the the permissions didn't work!
thanks

Where can I find the user's command set in SAM ?
What do you mean with "Use sudo" ?

Michael

0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎03-11-2003 05:14 AM

‎03-11-2003 05:14 AM

Solution

Re: umount nfs filesystem as user, not root

Sorry I wasn't sure the permissions change would do it but it seemed worth a try. For the restricted sam idea, here's some info from Sam's man page:

Adding New Functionality to SAM
You can easily add stand-alone commands, programs, and scripts to SAM.
SAM is suspended while the executable program is running. When it
finishes, the SAM interface is restored. You can also write your own
help screen for each menu item you create. To add functionality to
SAM, select the "Add Custom Menu Item" or "Add Custom Menu Group"
action items from the SAM Areas menu. (Note that the new item is
added to the hierarchy that is currently displayed, so you need to
navigate to the desired hierarchy before adding the item.)


Restricted SAM
SAM can be configured to provide a subset of its functionality to
certain users or groups of users. It can also be used to build a
template file for assigning SAM access restrictions on multiple
systems. This is done through the Restricted SAM Builder. System
administrators access the Restricted SAM Builder by invoking SAM with
the -r option (see "Options" above). In the Builder, system
administrators may assign subsets of SAM functionality on a per-user
or per-group basis. Once set up, the -f option (see "Options" above)
can then be used by system administrators to verify that the
appropriate SAM functional areas, and only those areas, are available
to the specified user.

A nonroot user that has been given Restricted SAM privileges simply
executes /usr/sbin/sam and sees only those areas the user is
privileged to access. For security reasons, the "List" and "Shell
Escape" choices are not provided. (Note that some SAM functional
areas require the user to be promoted to root in order to execute
successfully. SAM does this automatically as needed.)

SAM provides a default set of SAM functional areas that the system
administrator can assign to other users. Of course, system
administrators are able to assign custom lists of SAM functional areas
to users as necessary.




Sudo is a program that allows non-root users to execute certain commands with root privileges. You can find it at the porting and archive center:
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/



Pete

Pete
Reply
Dietmar Konermann
Honored Contributor

‎03-11-2003 05:52 AM

‎03-11-2003 05:52 AM

Re: umount nfs filesystem as user, not root

Do you have the magic "#!/usr/bin/sh" at the beginning of your script? This is required for suid scripts.

BTW, beginning with 11.22 the suid feature is disabled for scripts by default. For security reasons, kernel tunable secure_sid_scripts is 1.

Best regards...
Dietmar.
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
0 Kudos
Reply
Michael Dernbach
Occasional Contributor

‎03-11-2003 07:33 AM

‎03-11-2003 07:33 AM

Re: umount nfs filesystem as user, not root

Dear Dietmar,
the "#!/usr/bin/sh" has been set, that wasn't the fault.

Dear Pete,
thanks for your information! With restricted SAM it works like expected!
Thanx for your help!

Michael
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.