I found /etc/auth/system/authorize file that seemed to set up what 'made'
users can do what. It lists the following after this message. It appears to
be a C2 setup but I would think that there is a way to set up the
permissions without C2. Anyone seen/used this before? There was an
absence of information about this file available in the DU Security manual,
part#: AA-Q0R2C-TE
==========================================
# Command Authorization Definition File
# Copyright # 1989-1990 SecureWare, Inc.
#
# _at_(#)authorize.C2 5.2 09:22:45 8/24/90 SecureWare
#
# # Copyright 1990, OPEN SOFTWARE FOUNDATION, INC.
# ALL RIGHTS RESERVED
#
# OSF/1 Release 1.0
acct
anygroup
audit
auth
boot
chown
chroot
cron
isso
linkdir
lp
mem
mknod
mount
operator
password
ping
printerstat
sysadmin
tape
auth: password
isso: audit auth boot mem tape
lp: printerstat
operator: boot lp mount tape
sysadmin: acct anygroup auth boot chown chroot cron linkdir lp mem
mknod mount ping tape
>>> Javier Aida <jaida_at_gmd.com.pe> 4/24/96 5:32 pm >>>
Many thanks to:
Eric Bennett
James D. Zelenka
Thomas Erskine
S. Barbaresi
Hellebo Knut
Murat Balci
Antonia Gomez
Mohan Mahajan
Kurt Carlson
Mark Bentkower alan_at_nabeth.cxo.dec
Thomas Looney
Bill Bathurst mperlman_at_parsec.com
I was thinking to create a root-like account, or "powerful accounts". After
receiveing all the responses, I can summarize:
1. DU is NOT intended to do this task, as I remember (and saving the
distances), in SCO UNIX you can create accounts with different levels of
= privileges, which allowed to create things like an operator account, a
printer operator, a backups operator and so on. I even tried to use System
V Environment, but my lack of experience with this product didn't allow me
to change all my environment, as the product asks.
2. You can create an account with id=3D0, which gives you root
privileges (you can access any directory, delete, create, copy,execute
and so on), but this is far from my objective, I don't want to have two root
accounts. When you configure an account with UID=3D0, and any other
GID, all the things you do, you do it with the root ID.
3. Many gurus recommended me to use "sudo", which is a fair freeware
product that allows to give some accounts determinate privileges, tuned
by the superuser. All you have to do is to configure a file named
"/etc/sudoers", define accounts, groups, allowed and not allowed
programs. This is the best solution i found, but i'm still trying to = figure out
other way to solve my problem. (available at
ftp://ftp.cs.colorado.edu/pub/sysadmin/utilities/cu-sudo.v1.4.tar.Z)
If someone is working with System V Environment, please let me know
about the experience.
Regards
%%%%%%%%%%%%%%%%%%%%%%%%%
F. Javier Aida Nakamo
Software Engineer - GMD S.A. jaida_at_gmd.com.pe
Tlf: +51 - 1 - 241-2626 Ext. 254
FAX: + 51 - 1 - 446-9667
Lima - PERU
%%%%%%%%%%%%%%%%%%%%%%%%%
Received on Thu Apr 25 1996 - 16:36:12 NZST