Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Assign a single root command to a user

Status
Not open for further replies.
xeniabuc

xeniabuc

Technical User
Sep 19, 2006
3
US
I am having problem with print queues locking up from time to time in a police dispatch operation. I have set up a script in unidata so that my operators can use a bang command to run lpstat. The problem is that they cannot use the bang command to run cancel or enable on the print queue. Is there a way to assign "enable" and "cancel" priveleges to a non-root user?

Thanks!!
 
Sort by date Sort by votes
Ok, now that I searched using the right parameters, I found the answer I needed.
 
Upvote 0 Downvote
And it was? For the benefit of others, please share.

I don't mind people who aren't what they seem. I just wish they'd make their mind up.

Alan Bennett.
 
Upvote 0 Downvote
I used the two tips below as a work around. It is cleaner and keeps my users from having privileges that I don't want them to have.

_________________________________________________________

"costiles (TechnicalUser) 22 Jun 05 9:05
I notice that your rembak has no timeout. add -T999 to the rembak stanza.backend = /usr/lib/lpd/rembak -T999

This says to keep the queue active for 999 minutes - waiting for any problems to clear.

Thank costiles
for this valuable post!"

___________________________________________________________

"needcoffee (MIS) 22 Jun 05 11:54
Here is a script that will only restart downed print queues. I have it run via cron every 5 minutes.


CODE
#!/usr/bin/ksh

enq -As | grep "DOWN" | cut -f 1 -d " " | while read ln
do
enable ln
done

This was originally submitted by another forum member who I cannot remember.

needcoffee"

 
Upvote 0 Downvote
hi,
exist many ways, one is that

One other is to define a Admin-User (with user-known password)that in its .profile does just a qadm -P xxx -U
or your script, and then logoff.

Another is to use "sudo" ( see thread52-619411 )
for specific command. In this thread you find that
for security reasons, someone reports that "sudo" is
not a good idea and proposes an ulterior way.

Choose the best, relatively to your environment.

bye
Vittorio
 
Upvote 0 Downvote
Assigning these users to the printq group will also allow them to run the commands. The only downside is this gives them full access to the print subsystem. Alternatively you could intall and configure sudo to allow them access to specific commands. sudo also contains a log facility so you can easily monitor how often this is being used.

[morning] needcofffee
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

A
  • Locked
  • Question
Adding Existing LUN to New LPAR AIX
Replies
0
Views
391
Alvinghost
A
sheilar32
  • Locked
  • Question
Migrating from AIX to anything else
Replies
0
Views
354
sheilar32
sheilar32
E
  • Locked
  • Question
What are reservations and how do you set them?
Replies
0
Views
348
emze
E
E
  • Locked
  • Question
AIX Power5 on 5.3- On varyonvg error "cannot be varied on because no good copies of the descriptor area"
Replies
1
Views
456
JenLM
J
jkc2023
  • Locked
  • Question
AIX TL and SP upgrade
Replies
0
Views
480
jkc2023
jkc2023

Part and Inventory Search

Sponsor

Back
Top