- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- I need to give access to some root command to non-...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2010 08:51 PM
тАО09-19-2010 08:51 PM
I need to give access to some root command i.e. cancel command to cancel only specific job or all jobs in HP-UX print queue to non-root user. I know this can be done through SUDO Configuration.
But please can someone let me know how to do this SUDO configuration i.e. which are the files i need to edit, where i need to give the access to non-root user and where i need to provide the list of the root command so that non-root user can execute.
Thanks,
Narendra
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2010 09:51 PM
тАО09-19-2010 09:51 PM
Solutiondo you know this link:
http://www.sudo.ws/
and check also this:
http://docs.hp.com/en/B3921-60631/pt02.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2010 10:27 PM
тАО09-19-2010 10:27 PM
Re: I need to give access to some root command to non-root user - SUDO Configuration
Here you can find the commands used to manage printers:
http://docs.hp.com/en/B2355-90950/ch07s01.html
Please read first the document concerning "Planning Printer Configuration":
http://docs.hp.com/en/B2355-90950/ch02s07.html
Best regards,
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2010 11:15 PM
тАО09-19-2010 11:15 PM
Re: I need to give access to some root command to non-root user - SUDO Configuration
----------------
Restricted SAM
SAM can be configured to provide a subset of its functionality to
certain users or groups of users. It can also be used to build a
template file for assigning SAM access restrictions on multiple
systems. This is done through the Restricted SAM Builder. System
administrators access the Restricted SAM Builder by invoking SAM with
the -r option (see "Options" above). In the Builder, system
administrators may assign subsets of SAM functionality on a per-user
or per-group basis. Once set up, the -f option (see "Options" above)
can then be used by system administrators to verify that the
appropriate SAM functional areas, and only those areas, are available
to the specified user.
A nonroot user that has been given Restricted SAM privileges simply
executes /usr/sbin/sam and sees only those areas the user is
privileged to access. For security reasons, the "List" and "Shell
Escape" choices are not provided. (Note that some SAM functional
areas require the user to be promoted to root in order to execute
successfully. SAM does this automatically as needed.)
SAM provides a default set of SAM functional areas that the system
administrator can assign to other users. Of course, system
administrators are able to assign custom lists of SAM functional areas
to users as necessary.
----------------
You could use this to assign the desired rights to your non-root user.
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-19-2010 11:25 PM
тАО09-19-2010 11:25 PM
Re: I need to give access to some root command to non-root user - SUDO Configuration
Hope sudo is installed in your system.
Add the entry in your sudo configuration file.
#visudo
username /usr/bin/cancel
Hope this work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2010 05:15 AM
тАО09-20-2010 05:15 AM
Re: I need to give access to some root command to non-root user - SUDO Configuration
I have made the entries in sudoers configuration file as below for one user to have access only one command i.e. cancel. Please let me know whether this configuration is fine or do i need to change. As this configuration is working fine just want to confirm. And also want to make sure installing sudo software is not having any system risk.
# User alias specification
User_Alias USER1=xyzuser
# Cmnd alias specification
Cmnd_Alias COMMAND1=/usr/bin/cancel
# User privilege specification
root ALL=(ALL) ALL
USER1 ALL=NOPASSWD:COMMAND1
Thanks,
Narendra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2010 11:23 PM
тАО09-20-2010 11:23 PM
Re: I need to give access to some root command to non-root user - SUDO Configuration
Defaults requiretty
To force running sudo only when the user is logged in to a real tty.
If you have a script or cronjob that will do the user's job, you have to unset this flag.
For other considerations/flags, see
http://www.sudo.ws/sudo/sudoers.man.html
Best regards
Horia.
Horia.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2010 02:38 AM
тАО09-21-2010 02:38 AM
Re: I need to give access to some root command to non-root user - SUDO Configuration
One alternative to sudo is to use RBAC.
If you want take a try:
HP-UX Role-Based Access Control (RBAC)
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-22-2010 12:48 PM
тАО09-22-2010 12:48 PM
Re: I need to give access to some root command to non-root user - SUDO Configuration
You have to edit sudo conf. file and put an entry in # Cmnd alias specification with full path of cmd.(usr/bin/cancel)
Thanks,
Praju
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-14-2010 11:30 PM
тАО10-14-2010 11:30 PM