vgHome
Posting Rules
Disclaimer
Privacy Policy and Contacts
About Rootvg
vgBookmarks
old Bookmarks
vgForum
Recent Posts
Old Forums
vgGuides
AIX6
FAQ
HOWTO
Service Bulletins
QuickRef AIX 5.2
QuickRef AIX 5.2 - Help
vgNews
Smitty - Change "Shell" option
Home
Help
Login
Register
Welcome,
Guest
. Please
login
or
register
.
January 10, 2009, 12:22:01 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
ROOTVG
>
AIX
>
Administration
>
Smitty - Change "Shell" option
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Smitty - Change "Shell" option (Read 723 times)
0 Members and 1 Guest are viewing this topic.
Michael
Administrator
Hero Member
Posts: 539
Re: Smitty - Change "Shell" option
«
Reply #2 on:
November 06, 2007, 10:11:36 PM »
There has been a lot discussed around this option previously. I am not sure, off the top of my head whether there is an option to turn it off or not - other than changing the SHELL environment definition.
Note that AIX 5.2 is very very near "end of official support". It did get a six month extension, but for anything on POWER5 and above, you really want AIX 5.3.
And note: AIX 5.2 has already had it's last TL (technology level) to TL10. Other than "security fixes" AIX 5.2 has reached the end of updates already.
Logged
mlange
New Member
Posts: 2
Re: Smitty - Change "Shell" option
«
Reply #1 on:
October 30, 2007, 04:00:19 PM »
after searching the ODM and not finding this option I figured there must be another way how Smitty knows what to do to exectute the shell. The $SHELL environment variable appears to be used for this, altering this (temporarily) in /bin/false broke the option. Hopefully this does not break the rest of the system, which I'm investigating now.
Logged
mlange
New Member
Posts: 2
Smitty - Change "Shell" option
«
on:
October 30, 2007, 02:27:40 PM »
Hello all,
Due to using sudo lists for specific tasks by specific roles, of which some require root access, I would like to add smitty (including fastpaths) to the list of commands allowed to run as root. However, smitty has the option to open a shell, which would eliminate the specific role / access this user has.
For this I would like to either remove the shell access altogether or (preferably) change the command exectured by F9 from /usr/bin/ksh to something else so I can check for root privileges.
Unfortunately the option in sudo to deny opening a shell from a program does not work under AIX, according their documentation.
The server I am testing on is AIX 5.2 ML4, will upgrade to subsequent maintenance levels to see if and how these affect the "solution".
Logged
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
AIX
-----------------------------
=> Administration
=> Virtualization
=> Applications
=> HACMP
=> Security
=> AIX6 Implementation and Administration
-----------------------------
Hardware
-----------------------------
=> Power6
=> Power5
=> Power4
=> RS/6000 (Power III and earlier)
-----------------------------
Linux on POWER
-----------------------------
=> Planning and Installation
=> General
-----------------------------
Announcements
-----------------------------
=> Announcements
=> Discussion
Loading...
FastPath
HowTo
New in AIX6
RBAC
Security
WPAR
Service Bulletins
InfoCenters
AIX 6.1
AIX 5.3
AIX 5.2
AIX 5.1
- - - - - - -
Fix Central
HMC Downloads
IBM Firmware/LIC
VIOS Support
- - - - - - -
Hardware Documents
PowerHA (HACMP)
Tivoli Manuals
- - - - - - -
IBM Training
src="http://e1.extreme-dm.com/s10.g?login=jootvg&j=n&jv=n" />
Terms of Use
and
Privacy and Security Policies
Copyright 2001-2008 Michael Felt and ROOTVG.NET
HOWTO: Quick Setup guide for dual VIOS and MPIO
AIX, HMC and VIOS updates released
Are you open to DNS spoofing?
HOWTO: Cleanup a PVMISSING disk
FAQ: System P Certification - how to become CATE!
HOWTO: Create a boot-only CD or DVD for AIX
