System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

I need to give access to some root command to non-root user - SUDO Configuration

 
SOLVED
Go to solution
Highlighted
Regular Advisor

I need to give access to some root command to non-root user - SUDO Configuration

Hi,
I need to give access to some root command i.e. cancel command to cancel only specific job or all jobs in HP-UX print queue to non-root user. I know this can be done through SUDO Configuration.
But please can someone let me know how to do this SUDO configuration i.e. which are the files i need to edit, where i need to give the access to non-root user and where i need to provide the list of the root command so that non-root user can execute.

Thanks,
Narendra
9 REPLIES 9
Highlighted
Honored Contributor
Solution

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hi,
do you know this link:
http://www.sudo.ws/

and check also this:
http://docs.hp.com/en/B3921-60631/pt02.html
Highlighted
Honored Contributor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hello,
Here you can find the commands used to manage printers:

http://docs.hp.com/en/B2355-90950/ch07s01.html

Please read first the document concerning "Planning Printer Configuration":

http://docs.hp.com/en/B2355-90950/ch02s07.html

Best regards,
Horia.
Best regards from Romania,
Horia.
Highlighted
Honored Contributor

Re: I need to give access to some root command to non-root user - SUDO Configuration

From man sam, we can find that there is an option called:

----------------

Restricted SAM
SAM can be configured to provide a subset of its functionality to
certain users or groups of users. It can also be used to build a
template file for assigning SAM access restrictions on multiple
systems. This is done through the Restricted SAM Builder. System
administrators access the Restricted SAM Builder by invoking SAM with
the -r option (see "Options" above). In the Builder, system
administrators may assign subsets of SAM functionality on a per-user
or per-group basis. Once set up, the -f option (see "Options" above)
can then be used by system administrators to verify that the
appropriate SAM functional areas, and only those areas, are available
to the specified user.

A nonroot user that has been given Restricted SAM privileges simply
executes /usr/sbin/sam and sees only those areas the user is
privileged to access. For security reasons, the "List" and "Shell
Escape" choices are not provided. (Note that some SAM functional
areas require the user to be promoted to root in order to execute
successfully. SAM does this automatically as needed.)

SAM provides a default set of SAM functional areas that the system
administrator can assign to other users. Of course, system
administrators are able to assign custom lists of SAM functional areas
to users as necessary.

----------------

You could use this to assign the desired rights to your non-root user.

Horia.
Best regards from Romania,
Horia.
Highlighted
Respected Contributor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hi,
Hope sudo is installed in your system.
Add the entry in your sudo configuration file.

#visudo

username /usr/bin/cancel

Hope this work.




Highlighted
Regular Advisor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hi,
I have made the entries in sudoers configuration file as below for one user to have access only one command i.e. cancel. Please let me know whether this configuration is fine or do i need to change. As this configuration is working fine just want to confirm. And also want to make sure installing sudo software is not having any system risk.


# User alias specification
User_Alias USER1=xyzuser

# Cmnd alias specification
Cmnd_Alias COMMAND1=/usr/bin/cancel

# User privilege specification
root ALL=(ALL) ALL
USER1 ALL=NOPASSWD:COMMAND1

Thanks,
Narendra
Highlighted
Honored Contributor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Do not forget about

Defaults requiretty

To force running sudo only when the user is logged in to a real tty.

If you have a script or cronjob that will do the user's job, you have to unset this flag.


For other considerations/flags, see

http://www.sudo.ws/sudo/sudoers.man.html

Best regards
Horia.
Best regards from Romania,
Horia.
Highlighted
Valued Contributor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hi Narendra


One alternative to sudo is to use RBAC.


If you want take a try:

HP-UX Role-Based Access Control (RBAC)


Regards.
Highlighted
Occasional Advisor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Hi,

You have to edit sudo conf. file and put an entry in # Cmnd alias specification with full path of cmd.(usr/bin/cancel)

Thanks,
Praju







Highlighted
Regular Advisor

Re: I need to give access to some root command to non-root user - SUDO Configuration

Thanks for the solution.