Can not run "sar" command if user is not "root"

[wpdavids]

Does anyone have a solution for running the "sar" command as a user other than "root".

below is the message I get when trying to run "sar" from my personal logon ID.

sar: The file access permissions do not allow the specified action.


I've tried changing the user permissions to 777 accross the board for the "/usr/sbin/sar" file but, the command still does not run unless I'm the "root" user.

I would really appreciate tips on getting this to work for my personal user account.

 

[anshudad]

You can not run sar command without super user permission. So the alternative is to implement "sudo" .Then configure to give your id permission to do such task.

 

[wpdavids]

Thanks for the help. I was afraid that installing sudo would be the only answer.

 

[rick26]

I believe sar (in fact sa1) belongs to group 'adm'. Users belonging to that group have all permissions to run sar (we gather statistics using account:group adm:adm.

 

[wpdavids]

Rick,
Yes!!! you are right. I added the "adm" group to my personal account and I was able to run "sar"...

I will thank you ever time I run the command.

problem solved. This thread is closed!! for me.

However, more comments are welcome on this subject.

 

[errpt]

Is there any risks of security to add a common user into adm group ?
I know in windows 2k, If you add a user into group administrators ,he will be as powerful as administrator.

 

[wpdavids]

I did some research and what I found is that the "adm" group will give a user most monitoring functions such as performance, cron, and accounting system functions.

Users that belong to system,security, and printq can do certain administrative functions.


Standard AIX Unix Group Hierarchy


system - For most configuration and standard hardware and software maintenance

printq - For managing queueing. Typical commands which can be run by members of this group are: enable, disable, qadm, qpri, etc...

security - To handle most passwords and limits control. Typical command which can be run by members of this group are: mkuser, rmuser, pwdadm, chuser, chgroup, etc...

adm - Most monitoring functions such as performance, cron, accounting

staff - Default group assigned to all new users. You may want to change this in.... /usr/lib/security/mkuser.defaults

audit - For auditors


- To protect important users/groups from members of the security group AIX has admin users and admin groups

- Only root can add/remove/change an admin user or admin group

- Any user on the system can be defined as an admin user regardless of the group they are in

Example: of an admin user flag set to true in /etc/security/user

# cat /etc/security/user

user1:
admin=true

 

[Yegolev]

To be safe, if you are into that sort of thing, make a userid and set to no login and no remote login. Make sure it allows su to that user. Might not be what you want, though. IBM Certified -- AIX 4.3 Obfuscation

 

[IBM2AIX]

U need to just change permissions on /sa/sa1 directory structures as chmod 777 .