sam15

pbrun_command

Does anyone know what the pbrun command does?

Is there an alternate command to use, and what is causing the error below?

solaris% pbrun /usr/bin/chown -R cbcadm "/upload/cbc/mags/2331"
pbrun4.0.8-03[9656]: 3003.01 Could not connect to a master daemon
woolmilkporc

Hi,
find a good description of pbrun here -
http://www.uiweb.uidaho.edu/pb/pb27-15.htm
wmp
Adam314

pbrun is part of the PowerBroker application:
http://www.symark.com/products/pboverview.html
SOLUTION
woolmilkporc
sudo for solaris is here -
http://www.sunfreeware.com/
 
 
Or you could do it the Solaris way and use pfexec and RBAC.

The pbrun command uses a central server to handle authorization and auditing of running commands as the superuser. The error you got sounds like the system is not able to contact the central server. Is it running? I presume that you are using pbrun for a particular reason, and I suspect attempts to get around it would not be met with much approval.
sam15

ASKER

Would pfexec and RBAC be more reliable than pbrun and do the same thing?
This is an existing program. I did not write it.
It depends on what you are trying to do. The pbrun command is the user interface for PowerBroker, which is a priv authorization and auditing program. If you are using it, then the management has decided that they want the features of PB used whenever you use super-user type commands. It looks at the command, decides if you are allowed to run the command, and records the command you used. The weak point of PB is that it requires access to a central server, which is a point of failure.

Neither sudo nor pfexec has this failure point, but they do not offer all of the same features. Before you try to circumvent PB, you need to be sure that you have authorization to do so. Since PB is mostly used in enterprise situations, I presume that you do not actually own this computer, that it is owned by your employer, correct? If it is not yours, be careful before trying alternate approaches.
sam15

ASKER

Yes, it is a customer server. It seems the issue is related to a log getting filled and PowerBroker failing.
Are you saying sudo or pfexec will not depend on a log and are more reliable?
How do you check if you can run those?
Neither of them just work, they both require configuration. The point is that allowing a user to have unfettered super-user access to the system is in essence handing the key over to them. All of sudo, pbrun and pfexec were invented to allow the owner of a system to give limited access to selected users. They must all be set up to allow access, and you apparently are not one of the people that can do the setting up, since you would have to already have access like you need to run the command you listed.
sam15

ASKER

Just a final confirmation: would using this solve the problem and provide auditing? We are executing pbrun 2-3 times a second and it seems a log is getting filled and blocking it.

http://www.courtesan.com/sudo/
sam15

ASKER

The pbrun command is trying to delete a directory on the server or change ownership as below.
Do you need root access for that?
If we change the owner of the directory to our account "stmadm", would that not solve the problem, so that we won't need pbrun?

pbrun /usr/bin/chown -R stmadm "/upload/ibm/bookdir/1231"
Changing the ownership of a file or directory does require root access. I don't know if changing the ownership of the directory will alleviate the need for subsequent root access because I don't really know what you are trying to do.

Another possibility would be to create a setuid program that does only the one thing you need. That way you would not be using pbrun and the log would not fill up.
sam15

ASKER

The program is trying to delete a directory and its contents on the server.

How does setuid work? Does it require any special setup?
Is sudo above another solution too?
ASKER CERTIFIED SOLUTION
sam15

ASKER

Would this work in a batch job that runs as "stmadm"? This will run continuously, and when it deletes the directory it will call that program owned by root. Would this work?
That is the perfect application of the technique.
I am facing an issue: I am able to access the particular PowerBroker group, but it waits for a connection and finally I get a connection timed out. Can anyone please help? PFA the error below.

pbrun -h az84wfm08 su - ssp
Start date for command access = 2011/06/08
End date for command access   = 2016/06/16
Finished verifying PDM agile account users group...
Finished verifying PDMOPS Prod Support group...
Finished verifying PDM agile account users group...
Finished verifying Vendavo Support group...
r54722's Password:
This session is being logged. Welcome Ebiz Support Team Member !
3431.3 Security error, please see your administrator.
pbrun5.0.4-06[4284660]: 3005 Request ended unexpectedly