RBAC

From: przemolicc@poczta.fm
Date: Wed Aug 21 2002 - 08:57:25 EDT

I am trying to allow one particular user to restart samba daemons.
It is restarted by /etc/init.d/samba script.
delta:/export/home/przemol>uname -a
SunOS delta 5.8 Generic_108528-14 sun4u sparc SUNW,Sun-Fire-880
delta:/export/home/przemol>tail -1 /etc/security/exec_attr
Samba:suser:cmd:::/etc/init.d/samba:uid=0
delta:/export/home/przemol>tail -1 /etc/security/prof_attr
Samba:::Allow user to restart samba damons:none.html
delta:/export/home/przemol>tail -1 /etc/passwd
Samba:x:221:1:Allow user to restart samba
damons:/export/home/Samba:/usr/bin/pfksh
delta:/export/home/przemol>su -
Password:
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
# su - andrzejs
Sun Microsystems Inc. SunOS 5.8 Generic February 2000
$ id -a
uid=215(andrzejs) gid=10(staff) groups=10(staff)
$ su - Samba
Password:
$ id -a
uid=221(Samba) gid=1(other) groups=1(other)
$ /etc/init.d/samba stop
pkill: Failed to signal pid 9336: Not owner
pkill: Failed to signal pid 9392: Not owner
pkill: Failed to signal pid 9450: Not owner
...
pkill: Failed to signal pid 9364: Not owner
pkill: Failed to signal pid 9349: Not owner
pkill: Failed to signal pid 9340: Not owner
Samba services stopped.

Part of the /etc/init.d/samba script:
        ;;
stop)
        pkill nmbd
        pkill smbd
        echo "Samba services stopped."
        ;;
What can I do to allow him restarting samba daemons ?
Do I need to allow him to run pkill command as well ?

przemol
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:49 EDT