From: Shawn Bierman (BiermanS@METHODISTHEALTH.ORG)
Date: Wed Mar 12 2003 - 14:30:19 EST
Yes vi could create a problem but, I didn't really want to focus on vi.
Roles seem to be a nice tool thats available with AIX but you can't find "good" documentation on it. The docs at IBM seem to be very vague and with no examples. I was hoping someone has used Roles before.
Is everyone, on this listserv, just logging in as root? =)
-shawn
>>> abdelkarim.daddi-hammou@VMD.DESJARDINS.COM 3/12/03 12:43:44 PM >>>
Hi All,
To avoid the problem of escaping from vi, you can use vim it's much better
hardned.
Abdelakrim
Abdelkarim Daddi-Hammou
Administrateur de systèmes UNIX /WebSphere -
UNIX /WebSphere Systems Administrator
Valeurs Mobilières Desjardins - Desjardins Securities
tél. (514) 281-2244 x 7604
adh@vmd.desjardins.com
"Myers, Drew" <MyersD@GOALAMO.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
12/03/2003 13:05
Please respond to IBM AIX Discussion List
To: aix-l@Princeton.EDU
cc:
Subject: Re: Administrative accounts
sudo can be configured to allow as many or as few commands as you wish. As
you are working with a user community you give root to, the separation of
admin capability probably is not as important as other environments might
require.
I wouldn't suggest using sudo to execute vi. One could execute shell
commands from vi, and those commands are executed as the user that started
vi.
But, I'm a little paranoid.
-----Original Message-----
From: Shawn Bierman [mailto:BiermanS@METHODISTHEALTH.ORG]
Sent: Wednesday, March 12, 2003 11:52 AM
To: aix-l@Princeton.EDU
Subject: Re: Administrative accounts
Is sudo a good substitute for Roles in AIX? The users that will be using
this are those who currently use the root account to get their jobs done.
They are trusted users (myself included) and are our AIX admins.
If I understand sudo correctly (limited experience with it) a session goes
something like this:
# sudo vi /etc/hosts
password: <enter your own password>
(edit the file)
# vi /etc/hosts (can edit again without using sudo due to a timeout value
that hasn't passed)
Is that correct?
>>> MyersD@GOALAMO.COM 3/11/03 2:58:02 PM >>>
I believe AIX supports the notion of "roles". You can assign various
tasks
to particular users, without giving them root access.
You also may want to investigate sudo.
-----Original Message-----
From: Shawn Bierman [mailto:BiermanS@METHODISTHEALTH.ORG]
Sent: Tuesday, March 11, 2003 3:36 PM
To: aix-l@Princeton.EDU
Subject: Administrative accounts
(resending this, not sure it went out as our smtp server was down.)
Greetings,
Are there any docs floating around that describe groups/roles and/or UIDs
that you use for setting up administrative accounts? The documentation in
the AIX library doesn't cover it very in-depth.
I would like to setup accounts that can create users, setup/restart print
queues and do other various system level task but without granting a UID
of
0 (zero). This would be for an AIX 5.1/5.2 environment.
Does IBM have a doc (or any of you) that describes methods and best
practices for such tasks?
thanks,
-shawn
Shawn L. Bierman
Unix Technical Support Analyst II
Methodist Healthcare
Information Systems
850 Poplar, Building #2
Memphis, TN 38105
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:39 EDT