Problem regarding creating a new policy for powerbroker (94 Views)
Reply
Advisor
ashutosh99
Posts: 35
Registered: ‎12-04-2012
Message 1 of 1 (94 Views)

Problem regarding creating a new policy for powerbroker

Hi All,

 

I'm trying to create a new policy for powerbroker, which allows users to run a script as root. But, I'm not able to do so. Please, help.

# cat /etc/pb.conf
##############################################################################

include "/etc/pb/diskusage.conf";
include "/etc/pb/catchall.conf";
print("Fell through PowerBroker configuration. Please notify Summit System Support.");

reject;

# cat /etc/pb/diskusage.conf
all_diskusage_auth={
"ashutosh",
"root"
};

 

if ( ( user !all_diskusage_auth ) && ( command == "diskusage" ) ) {
reject "You are not authorized to use diskusage.";

# OK, user is authorized to use diskusage. Test for ownership in no-diskusage
# is done in shell code.

} else if ( ( user in all_diskusage_auth ) && ( command == "diskusage" ) ) {
runuser = "root";
runcommand = "/opt/summit/util/pb/diskusage";
accept;
}

# cat /opt/summit/util/pb/diskusage
#!/usr/bin/sh

##########################################################################
# Get the disk usage for all directories in /develop/home and
# log the results to a logfile in /tmp. Change the ownership
# of the logfile to the user "mcook" and move the file to the
# "mcook" home directory.
##########################################################################

##########################################################################
# Set up internal script variables.
##########################################################################

DATE=`date +"%m%d%y"`
LOG=ulog.${DATE}

##########################################################################
# Clean up any old logfiles, if present.
##########################################################################
echo "super run" >>/tmp/superrun
if [ -e /tmp/${LOG} ] ; then
rm -f /tmp/${LOG}
fi
if [ -e ~mcook/${LOG} ] ; then
rm -f ~mcook/${LOG}
fi

##########################################################################
# Change dir. to /develop/home and record the dir. usage.
##########################################################################

cd /develop/home
du -k -s * > /tmp/${LOG} 2>&1

##########################################################################
# Make sure final ownership and permissions on the logfile
# are correct, and move the file to the "mcook" home dir.
##########################################################################

chmod 644 /tmp/${LOG}
chown mcook:develop /tmp/${LOG}
mv /tmp/${LOG} ~mcook

exit 0

 

 

$ pbsu2 diskusage
pbrun7.0.0-08[7056]: ERROR: The specified security file was not found.

 

Regards,

Ashutosh Singh

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation