restrict swlist only for root (137 Views)
Reply
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 1 of 10 (137 Views)
Accepted Solution

restrict swlist only for root

[ Edited ]

I am trying to restrict the permissions of swlist only for root, that means only root can run this command, I know I can use setacl/getacl, but when I run
getacl swlist
It said that "acl failed for file "usr/sbin/swlist", Function is not availabe", any idea? Or any other better solutions? Thanks.

 

 

P.S. This thread has been moved from HP-UX > General to  HP-UX > patches - HP Forums Moderator

Respected Contributor
hpuxrox
Posts: 495
Registered: ‎04-01-2002
Message 2 of 10 (137 Views)

Re: restrict swlist only for root

chmod 700 `which swlist`
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 3 of 10 (137 Views)

Re: restrict swlist only for root

Change the permissions:


chmod 4500 swlist


live free or die
harry
Live Free or Die
Honored Contributor
MANOJ SRIVASTAVA
Posts: 1,885
Registered: ‎07-10-2000
Message 4 of 10 (137 Views)

Re: restrict swlist only for root

Hi Victor

This will work

chmod 4544 /usr/sbin/swlist


Manoj Srivastava
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 5 of 10 (137 Views)

Re: restrict swlist only for root

Hi Victor:

What type of file system ? The acl's will work only with JFS 3.3 and above.

You can consider using chmod command:

# chmod 700 swlist

I think there will be issues if you restrict the read/execute permission to others.

HTH,
Shiju

Life is a promise, fulfill it!
Honored Contributor
S.K. Chan
Posts: 4,063
Registered: ‎08-29-2000
Message 6 of 10 (137 Views)

Re: restrict swlist only for root

getacl is for JFS filesystem.

lsacl is for HFS filesystem.

Is /usr/sbin/swlist on an HFS FS ?
Honored Contributor
Christopher McCray_1
Posts: 1,004
Registered: ‎06-07-2001
Message 7 of 10 (137 Views)

Re: restrict swlist only for root

Maybe a little drastic, but you can take /usr/sbin out of the paths of regular users

Hope this helps

Chris
It wasn't me!!!!
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 8 of 10 (137 Views)

Re: restrict swlist only for root

Shiju:

Can you give me more details about "I think there will be issues if you restrict the read/execute permission to others"? What is the potential problem? Thanks.
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 9 of 10 (137 Views)

Re: restrict swlist only for root

Thanks all, what about I also want to disable remote access, I mean,

swlist @hostname ...
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 10 of 10 (137 Views)

Re: restrict swlist only for root

Hi Victor:

I have mentioned that point, because normally the permissions set to the commands and utilities in /usr, /usr/sbin, /etc are very OS specific. You should be very careful when changing the permissions or ownership of those files.

I will give you an eg: My oracle dba once reported an error starting the database -"permission denied". The problem reported to metalink and the solution was to check the permission of 'lanscan' command. In that case the permission of lanscan was incorrect when I checked it.

Like this, in your case if any dba/developer install or update any application/program which in turn calls 'swlist', then there are chances that you unnecessary spending time on it !

Sorry, if I was confusing you.

my 2 cents ..
Shiju
Life is a promise, fulfill it!
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.