Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
FullSysbackup without root 1
- Thread starter so180500
- Start date
-
1
- #2
Not a good idea - if a non-root user can backup all the files on the system it means he has read-access to all files. Worse yet, it means he can restore the files elsewhere. AIX won't allow it, but if you really don't care about security on the system, create a set-uid program owned by root which calls your mksysb command.
You can set up sudo so the o-n-l-y thing the user can do as root is run mksysb.
Of course, the user could bring the tape to another system and read the files from there but the user would have to have root or sudo rights on that system.
sudo keeps a log of all sudo activities. I assume the set-uid program would, too?
Of course, the user could bring the tape to another system and read the files from there but the user would have to have root or sudo rights on that system.
sudo keeps a log of all sudo activities. I assume the set-uid program would, too?
- Thread starter
- #5
sudo is a freeware/shareware application that you can install on many different Unix platforms, including AIX. The source is at Click on the Unix Systems Administrator's Resources and then do a search for sudo. You'll get a link to a page where you can download it. There might be some compiled binaries you could download, but I do not recall any trouble compiling it. You will have to have gunzip to unzip the source, I believe. You can get that at Stokely as well. The site for sudo has a bunch of documentation.
After sudo is installed (in /usr/local/bin, so be sure that is in your path), you edit a sudoers file and list the users you want to be able to use sudo. There is a configuration file where you can make groups of commands normally available only to root available to users (or groups of users, also defined in the configuration file) who would normally not be able to use the command. There is documentation on the site for the config file. And be sure to do what needs to be done to have sudo use logged (usually in the syslog file, but you can define it to any file you want). The log is fairly conprehensive: who did what from which directory.
Be sure to prohibit the users from being able to su to root.
After it's installed, the user would type sudo mksysb -i /dev/rmt0 (for example). sudo comes back asking for a password. the user types in his own password and then the command executes if the user has been granted the rights.
Good luck.
p.s.: you don't sound quite new to AIX. Tek-Tips is a great site to learn about it.
After sudo is installed (in /usr/local/bin, so be sure that is in your path), you edit a sudoers file and list the users you want to be able to use sudo. There is a configuration file where you can make groups of commands normally available only to root available to users (or groups of users, also defined in the configuration file) who would normally not be able to use the command. There is documentation on the site for the config file. And be sure to do what needs to be done to have sudo use logged (usually in the syslog file, but you can define it to any file you want). The log is fairly conprehensive: who did what from which directory.
Be sure to prohibit the users from being able to su to root.
After it's installed, the user would type sudo mksysb -i /dev/rmt0 (for example). sudo comes back asking for a password. the user types in his own password and then the command executes if the user has been granted the rights.
Good luck.
p.s.: you don't sound quite new to AIX. Tek-Tips is a great site to learn about it.
- Thread starter
- #7
- Status