sunhux

Grant Unix ID the right to restart services without granting sudo/root privilege (or restrict sudo)

We have a request from the applications team for their non-privileged Solaris and AIX IDs to be
able to execute their shell scripts (which contain lines to run binaries):
  sudo /gl/_ctron_/start1292
  sudo /gl/_ctron_/start1291

Q1:
Is there any way to avoid granting them sudo and root and yet still allow them to stop/start the services?
Or, if we grant sudo, can we restrict them to running only those specific scripts so that their sudo can't do anything else?

Q2:
Is there any way we can use SGID or SUID sticky bits to grant them this without giving them root/sudo privileges?
ASKER CERTIFIED SOLUTION
dfke

This solution is only available to members.
sunhux

ASKER

Thanks very much; is the above applicable to both Solaris 10 and AIX 7.x?

Btw, is Linux setuid equivalent to SUID in Solaris?
sunhux

ASKER

One concern just raised by a colleague: as we don't know what's in the shell scripts,
the apps team members could amend the scripts to put in any other commands, and then
they would be able to run other unauthorized commands. So despite restricting them to the
shell scripts stated, they can potentially do more.
SOLUTION
This solution is only available to members.
sudo can grant individuals access to singular and specific commands.
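
The concern raised earlier in this thread, that a sudo rule limited to named scripts is only as tight as the permissions on those scripts, can be checked mechanically. The following is an added example and not part of the original thread; it assumes the scripts should be owned by root, and the function names and the `appuser` account are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. A sudoers rule limited to two scripts,
# e.g. (appuser is a hypothetical account name):
#   appuser ALL=(root) /gl/_ctron_/start1292, /gl/_ctron_/start1291
# only confines the user if they cannot edit or replace those scripts.
# This audit uses plain `ls -ld` output so it runs on Solaris, AIX and Linux.

# check_one PATH OWNER: pass only if PATH is owned by OWNER and has no
# group/other write bit. Symlinks list as lrwxrwxrwx, so they fail too.
check_one() {
    line=$(ls -ld "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    mode=$(echo "$line" | awk '{print $1}')
    actual=$(echo "$line" | awk '{print $3}')
    if [ "$actual" != "$2" ]; then
        echo "OWNER $1 is owned by $actual, expected $2"; return 1
    fi
    case "$mode" in
        ?????w*|????????w*) echo "WRITABLE $1 has mode $mode"; return 1 ;;
    esac
    return 0
}

# audit_sudo_target SCRIPT [OWNER] [TOP]: check SCRIPT and each directory
# from its parent up to TOP (default /). A writable directory lets a user
# rename the script away and drop in their own. Returns 0 if all pass.
audit_sudo_target() {
    path=$1; want=${2:-root}; top=${3:-/}; bad=0
    case "$path" in
        /*) ;;
        *) echo "RELATIVE $path"; return 1 ;;
    esac
    while :; do
        check_one "$path" "$want" || bad=$((bad + 1))
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    [ "$bad" -eq 0 ]
}

# Audit any script paths given on the command line.
for s in "$@"; do
    audit_sudo_target "$s" || echo "FAIL $s"
done
```

The same check applies to every binary or script that the start scripts call in turn, since those also run as root.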
SOLUTION
This solution is only available to members.