mksysb

[aaronkeith]

Hi everyone!

Is it possible for our operators to perfrom mksysb even without the root authority? How can we do that?

Thanks,
aaronkeith

 

[unclebrian]

Set up a user with root authority but set up a script to execute in .profile which will run the mksysb.

.profile should look like this

exec /usr/bin/opsscript

/usr/bin/opsscript should look like this

mkszfile -f
mksysb /dev/rmt0

 

[guggach]

i don't know mksysb, and what it's doing.
google for 'sudo' or 'op' execs, it's freeware
i personnaly prefer 'op'

don't forget, RTFMP guggach

 

[RodKnowlton]

unclebrian,

Do just what you described, and the operator will have at least three ways to own your box.

sudo is definitely the way to go here.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 

[hfaix]

sudo

- probably still used by a script executed with the .profile, and shell trapping. I would make it as user friendly as possible

 

[alexhu]

Another vote for sudo

Alex

 

[mrn]

Sudo would be the best way, but if your not allowed to install stuff, as at my site, you can do

Create an ops user then change UID & GID to 0.

I then create a menu for ops to use and use trap & exit in the .profile to stop them breaking out.

**** OPS Menu *****

1. Run mksysb
2. Check disk space
3. Run VGbackup
4. ....

99. Exit

I can send you the scripts should you wish.

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant."

 

[Yegolev]

it is me again to once again say:

try Rsh, that is with a capital R. it is even listed in the man pages. it will provide better security than a simple menu in .profile.

IBM Certified -- AIX 4.3 Obfuscation

 

[aaronkeith]

Thank you for all the inputs that you have shared. I appreciate it so much. I am now trying to create a script that will be used by our operators.

Yegolev, I am considering you suggestion as well. I will study Rsh.

mrn, I would appreciate it if you can send me your script... pls. email it at ldedios@yahoo.com

Again, thanks to all who repsonded! It was such a big help.

 

[sivatek]

Hello MRN

Can you send me the script please! My id is kris_ckc@yahoo.com

Thanks

 

[hfaix]

Something to consider:
Setting the operator uid and gid to 0 gives the operator root:system privelages. If one of the shell traps fails it's likely the operator will be sitting at the prompt with root access...... and no idea what to do.

I guess it's a personal preference.

 

[RodKnowlton]

If one of the shell traps fails it's likely the operator will be sitting at the prompt with root access...... and no idea what to do.

Or worse yet, an exact idea what to do.

Remember: No system is foolproof, because fools are so clever.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 

[metzlej]

I agree with Rod, use Sudo and just give them access to that one command.

Jarrett Metzler
IBM Certified Systems Expert pSeries HACMP for AIX
IBM Certified Advanced Technical Expert for AIX 5L and pSeries