asroot(ADM)
asroot --
run a command as root
Syntax
/tcb/bin/asroot command [ args ]
Description
asroot
allows an authorized user to run a command as superuser (root).
Commands that can be used with asroot are defined
by the superuser (see ``Making a command executable under asroot'')
and must be present in the /tcb/files/rootcmds
directory. Only root can make entries in this directory.
To use asroot,
the user must have either the root primary subsystem
authorization (which allows any command in the rootcmds
directory to be run) or have a secondary subsystem authorization
with the same name as the command. In addition to one of these
the user must also have the execsuid kernel privilege.
By default, asroot asks for the user's account
password before executing
the command. (This prevents an unauthorized user from using a terminal
which an authorized user has left without logging out.) This feature can
be turned off by entering the line ``ASROOTPW=NO'' in
/etc/default/su.
asroot
also logs its use by making entries in the logfile defined by the
SULOG variable (usually /usr/adm/sulog) as
configured in /etc/default/su.
If the command to run is a shell script then
it will be executed by the Bourne
(/bin/sh) shell. The setting of the SHELL environment
variable is not considered.
Making a command executable by asroot
To make a command executable by
asroot, log in as root and do the following:
-
Copy the desired command into the
/tcb/files/rootcmds
directory.
Do not create a link if the permissions on the file are less restrictive
than those listed in the File Control database
(/etc/auth/system/files; see
files(F)).
Note that if the command sets a new group
or user ID on execution,
it will not execute correctly after
fixmog(ADM)
changes its permissions.
(For example, the command
enable(C),
which has symbolic permissions ``---x--s--x'',
sets the group ID to lp on execution.)
To overcome this, create a shell script that calls the
command, and place the script in the
/tcb/files/rootcmds directory.
-
Change the permissions on the file to match those specified in the File
Control database. This can be done most conveniently with the
fixmog
command.
-
Edit the authorizations file
/etc/auth/system/authorize (see
authorize(F))
and add a comma and the name of the new command to the end of the line
beginning with ``root:''.
This declares a new secondary subsystem authorization
that can be given to users like any other authorization with the
Accounts manager or
usermod(ADM).
Users can only execute the command with asroot
if they have the root
authorization or the authorization corresponding to
the name of the command.
Default asroot commands
By default one command is shipped in the
/tcb/files/rootcmds directory: the
shutdown(ADM)
command.
Only trusted users should be given the root authorization.
Exit values
asroot returns an exit code of 1 when:
-
the length of the command name is greater than 16 characters
-
the user is not authorized to run the command
-
the command's execution bits in the
/tcb/files/rootcmds directory are not set properly
-
an integrity violation is detected
-
an authentication error is detected
-
an incorrect user password is entered
asroot
will also return an exit code of 2 when no command name is given or
an exit code of 3 if the command cannot be executed.
Warning
Care must be taken, when choosing commands to be executed by
asroot, that the root privilege is not
given away accidentally. For example, if
the Accounts manager
were to be run via asroot
then any shell escapes would also run as root.
Limitations
asroot
checks the permissions of the complete pathname of all files it
uses. If any component of a path does not match its entry in
the File Control database, an integrity violation is reported.
Run
integrity(ADM)
or
fixmog
to discover where the integrity violation has occurred.
A line in /etc/auth/system/authorize
cannot exceed 1024 characters in length and the sum of the number of primary
and secondary authorizations cannot exceed 32.
Files
/tcb/files/rootcmds-
asroot commands
/etc/auth/system/authorize-
Subsystem authorizations
/etc/auth/system/files-
File Control database
/etc/default/su-
ASROOTPW and SULOG settings
See also
authorize(F),
files(F),
fixmog(ADM),
integrity(ADM),
subsystems(S-osr5)
Standards conformance
asroot is not part of any currently supported standard; it is
an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2007 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 05 June 2007