SCO UnixWare 7/OpenUNIX 8/OpenServer 6 FAQ: How do I use tfadmin, adminuser, and adminrole, instead of su?

SCO UnixWare 7/OpenUNIX 8/OpenServer 6 FAQ :

Security :
How do I use tfadmin, adminuser, and adminrole, instead of su?

To use privileges instead of su, we do the following:

      A)  Create a group of commands that a user needs, called a role,
          with the adminrole command
      B)  Assign a user or users to that role with adminuser.
      C)  Then they can execute the commands using tfadmin.

   This is straightforward enough.  The following is an example, where I'll
   grant the privilege to use 'kill' and 'shutdown' to Yurtle:

   Script started on Mon Oct 25 20:56:10 1999
   # id | awk '{ print $1 " " $2 }'
   UID=0(root) GID=3(sys)
   #
   # /bin/adminrole -n SCRAM
   # /bin/adminrole -a kill:/bin/kill:allprivs SCRAM
   # /bin/adminrole -a shutdown:/sbin/shutdown:allprivs SCRAM
   # /bin/adminuser -n -o SCRAM yurtle
   #
   # ^D

   script done on Mon Oct 25 21:00:45 1999

   That's all there is to it.  Yurtle can kill and shutdown now,
   as long as initprivs returns nothing and they type their command like:

     /sbin/tfadmin shutdown -g0 -y -i0

<mschalit@pacbell.net>
gerberb@zenez.com

[Append to This Answer]

Previous:	What are the alternatives to su? A user needs a privilege.
Next:	What are some gaping security risks I need to patch immediately?

This document is: http://www.zenez.com/cgi-bin/ou8faq/faq?file=192

	[Search]	[Appearance]
This is a Faq-O-Matic 2.721.