Veritas-bu

[Veritas-bu] methods_deny file and Solaris RBAC for non-root user

2007-07-05 13:19:38
Subject: [Veritas-bu] methods_deny file and Solaris RBAC for non-root user
From: Kyle Oliver <k_f_o AT yahoo DOT com>
To: veritas-bu AT mailman.eng.auburn DOT edu
Date: Thu, 5 Jul 2007 10:00:05 -0700 (PDT)
I guess that this is my 3rd post to this list in the same light, but I figure 
maybe the 3rd times a charm, as I have not seen any responses to my previous 
posts.  I guess it is possible that no one is messing with this level of 
authorization.  From what I read, these methods are going away in the next 
major release as they move to the authentication broker.

In a default install, the methods_deny file contains ALL : ALL, which I believe 
to be analogous to any:any drop in the firewall world.  If I comment out this 
ALL : ALL line, my non-root user can perform the commands that I was previously 
denied using (bppllist, bperror, and bpimmedia).  Any ideas what other "evils" 
I may be opening myself up to by commenting out ALL : ALL.  I don't believe 
that I have opened up access to everyone, as most of the non-root use is 
controlled by the authorized.txt file.

I also tried to create a Solaris RBAC role for a non-root user to issue some 
NetBackup commands, but I still got the userid is not superuser (140) error, 
even though the role sets the UID/GID to 0.

Thoughts?

-Kyle


_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread] Current Thread [Next in Thread>
  • [Veritas-bu] methods_deny file and Solaris RBAC for non-root user, Kyle Oliver <=