From: Markus Iturriaga Woelfel (miturria@cs.utk.edu)
Date: Fri Sep 06 2002 - 14:05:02 EDT
Sunmanages,
I'm having a small puzzling problem with RBAC and passwd/yppasswd. I want
to give certain users the right to change other user's passwords. For that
I have set up an RBAC role with the "User Security" profile. I can su to
this role but when I try to run 'passwd' or 'yppasswd' I get permission
denied errors. This is setup on the NIS master.
>From exec_attr:
User Security:suser:cmd:::/usr/bin/passwd:euid=0;gid=0
User Security:suser:cmd:::/usr/bin/yppasswd:euid=0;gid=0
User Security:suser:cmd:::/usr/bin/nispasswd:euid=0;gid=0
User Security:suser:cmd:::/bin/yppasswd:euid=0;gid=0
User Security:suser:cmd:::/bin/passwd:euid=0;gid=0
User Security:suser:cmd:::/bin/nispasswd:euid=0;gid=0
User Security:suser:cmd:::/usr/sbin/pwck:euid=0
User Security:suser:cmd:::/usr/sbin/pwconv:euid=0
I can add other commands to this for testing purposes (like 'touch') and
they are executed with root privileges. My role is called "lbassist" and
it seems to work otherwise.
$ passwd jruser
passwd (NIS): Permission denied
Permission denied
I can run passwd fine when su'ed to root. I've tried trussing passwd
(after giving truss access to the role) but it yields no useful info.
Password files are in an NIS map and rpc.yppasswdd is running.
Thanks for any insight you might have. I will summarize if a solution is
found.
Markus
-- Markus A. Iturriaga Woelfel, SysAdmin Department of Computer Science University of Tennessee, Knoxville miturria@cs.utk.edu / (865) 974-3837 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:54 EDT