which permission to backup the system

Hi Gurus,
How to give a user a permission to backup & restore all the filesystems including root file system with ufsdump without give him all root privilleges?
Thanks
husamzmAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
tfewsterConnect With a Mentor Commented:
Installing sudo from http://www.sunfreeware.com/   (Documentation at http://www.sudo.ws/sudo/readme.html ) would allow you to grant a user root permissions for running the ufsdump command;  I'm not sure if Solaris has any other built in facility to give Operator type access to certain users.
0
 
ahoffmannCommented:
either sudo, or a program (not script!) owned by root and UID bit set
0
 
husamzmAuthor Commented:
I don't preffer to use 3rd party, the system under support and in production,
How can you impliment the UID bit set ?
Thanks
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
tfewsterCommented:
The problem with writing your own utility is that you may create security loopholes; It would be worth talking to your support company to see if they will give you permission to install sudo; sudo is a well known and trusted utility that will not create any support problems.

sunfreeware is a well known & trusted site for binaries, although checking and compiling the sources yourself is always preferable - and if you do that, it's as good as software you've written yourself ;-)
0
 
ahoffmannCommented:
> How can you impliment the UID bit set ?
do you mean for scripts?
You cannot, if the OS does not allow it, for obvious reason.
0
 
rkotaraCommented:
The short answer to your question:
How can you impliment the UID bit set ?
is to use the chmod util to modify the script permissions.  The file should be owned by root.
"chmod 4755 filename" where filename is the name of your script.

This sets the permissions so that root can edit, group and anyone can execute.  If you want just a certain group to be able to run it, do:
"chmod 4750 filename" and make sure that persons group is assigned to file so they can execute.

If you need to remove the SUID setting, just do "chmod 0750" or whatever to remove the SUID bit.

I do remember having some problems with the environment of SUID scripts and think there was a switch to include for KSH on the first line.  It might be "#!/bin/ksh -p" I think (without the quotes, of course).

Hope this helps some.
0
 
s0larisw1zCommented:
No need to go the evil route of SUID scripts. All that is needed is for
the user to be in the group that owns the raw device (typically sys).
As ufsdump reads raw devices, rather than files, no permissions issues.

Also, ufsdump should be run on a 'quiet' filesystem, preferably
in single-user mode. Most installations require root password
for single-user anyway.
0
All Courses

From novice to tech pro — start learning today.