restrict swlist only for root
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 1 of 10 (100 Views)
Accepted Solution

restrict swlist only for root

I am trying to restrict the permissions of swlist to root only, meaning only root can run this command. I know I can use setacl/getacl, but when I run
getacl swlist
It said that "acl failed for file "usr/sbin/swlist", Function is not available". Any idea? Or any other better solutions? Thanks.

P.S. This thread has been moved from HP-UX > General to  HP-UX > patches - HP Forums Moderator

Respected Contributor
hpuxrox
Posts: 495
Registered: ‎04-01-2002
Message 2 of 10 (100 Views)

Re: restrict swlist only for root

chmod 700 `which swlist`
Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 3 of 10 (100 Views)

Re: restrict swlist only for root

Change the permissions:


chmod 4500 swlist


live free or die
harry
Live Free or Die
Honored Contributor
MANOJ SRIVASTAVA
Posts: 1,885
Registered: ‎07-10-2000
Message 4 of 10 (100 Views)

Re: restrict swlist only for root

Hi Victor

This will work

chmod 4544 /usr/sbin/swlist


Manoj Srivastava
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 5 of 10 (100 Views)

Re: restrict swlist only for root

Hi Victor:

What type of file system? The ACLs will work only with JFS 3.3 and above.

You can consider using chmod command:

# chmod 700 swlist

I think there will be issues if you restrict the read/execute permission to others.

HTH,
Shiju

Life is a promise, fulfill it!
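
The modes proposed in the replies above (700, 4500, 4544) differ in more than the execute bit. The script below is an added example, not code from any poster: it decodes each mode and checks whether group and other are left with any access. It assumes the file is owned by root, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: decode the octal modes proposed in this thread and check
# each against the goal "only the owner (assumed to be root) may use the file".
# Nothing here touches a real file; it only interprets the mode digits.

# has_bit MODE MASK -> prints yes or no
has_bit() {
    if [ $(( $1 & $2 )) -ne 0 ]; then echo yes; else echo no; fi
}

# mode_report OCTAL_MODE -> one line describing the relevant bits
mode_report() {
    case $1 in
        ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 2 ;;
    esac
    m=$(( 0$1 ))    # leading 0 makes the shell read the digits as octal
    echo "mode=$1 setuid=$(has_bit $m 04000)" \
         "owner_x=$(has_bit $m 0100) group_x=$(has_bit $m 0010)" \
         "other_x=$(has_bit $m 0001) group_r=$(has_bit $m 0040)" \
         "other_r=$(has_bit $m 0004)"
}

# owner_only_access OCTAL_MODE -> exit 0 when the owner can execute and
# group/other have no bits at all. Read access matters as well as execute:
# a user who can read a binary can copy it and run the copy (without setuid).
owner_only_access() {
    case $1 in
        ''|*[!0-7]*) return 2 ;;
    esac
    m=$(( 0$1 ))
    [ $(( m & 0100 )) -ne 0 ] && [ $(( m & 0077 )) -eq 0 ]
}

# The three modes suggested in the replies.
for mode in 700 4500 4544; do
    mode_report "$mode"
    if owner_only_access "$mode"; then
        echo "  -> group/other have no access"
    else
        echo "  -> group/other still have some access"
    fi
done
```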
Honored Contributor
S.K. Chan
Posts: 4,063
Registered: ‎08-29-2000
Message 6 of 10 (100 Views)

Re: restrict swlist only for root

getacl is for JFS filesystem.

lsacl is for HFS filesystem.

Is /usr/sbin/swlist on an HFS FS?
Honored Contributor
Christopher McCray_1
Posts: 1,004
Registered: ‎06-07-2001
Message 7 of 10 (100 Views)

Re: restrict swlist only for root

Maybe a little drastic, but you can take /usr/sbin out of the paths of regular users

Hope this helps

Chris
It wasn't me!!!!
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 8 of 10 (100 Views)

Re: restrict swlist only for root

Shiju:

Can you give me more details about "I think there will be issues if you restrict the read/execute permission to others"? What is the potential problem? Thanks.
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 9 of 10 (100 Views)

Re: restrict swlist only for root

Thanks all. What if I also want to disable remote access? I mean,

swlist @hostname ...
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 10 of 10 (100 Views)

Re: restrict swlist only for root

Hi Victor:

I mentioned that point because normally the permissions set on the commands and utilities in /usr, /usr/sbin, /etc are very OS specific. You should be very careful when changing the permissions or ownership of those files.

I will give you an example: my Oracle DBA once reported an error starting the database - "permission denied". The problem was reported to MetaLink and the solution was to check the permission of the 'lanscan' command. In that case the permission of lanscan was incorrect when I checked it.

Likewise, in your case, if any DBA/developer installs or updates any application/program which in turn calls 'swlist', then there are chances that you will unnecessarily spend time on it!

Sorry, if I was confusing you.

my 2 cents ..
Shiju
Life is a promise, fulfill it!