How can I authorize a non-root user to do a system backup with 'mksysb'?

AIX122 · April 30, 2008, 6:34am

I use AIX 5.2 I want to allow a non-root user to do a system backup with 'mksysb' command.
I try to add 'ManageBackup' Role to that non-root user but it have an error "ksh: mksysb: 0403-006 Execute permission denied."
What should I do?

bakunin · April 30, 2008, 11:36am

Have you considered using "sudo"? With this package installed you can specify certain commands to be run by a (group of) user(s) as root. You can even limit this to the prescribed usage of certain parameters (for instance, a user might be allowed to do a "ls -l" as root, but not a "ls -a", etc.).

It looks like you could tailor this to exactly your needs.

I hope this helps.

bakunin

grial · April 30, 2008, 11:55am

You might also SETUID the mksysb binary. Though, I would prefer (and already use) sudo...
Setting this bit is very dangerous and so, you should be VERY careful If you consider using it...

Regards.

bakunin · April 30, 2008, 12:04pm

Sorry, but "mksysb" is a shellscript. See the output of "file /usr/bin/mksysb".

Anyways, i suppose we agree upon "sudo" being by far the preferable solution.

bakunin

AIX122 · April 30, 2008, 2:09pm

How can I know, is it "sudo" installed in the system or not ?
because I not sure was installed or not

from where install "sudo" ?
and how can I use "sudo" ?
I do not have knowledge about "sudo" .

thank you very much

Franklin52 · April 30, 2008, 2:33pm

Try the whereis command or sudo -V.

A useful link:

Install and configure sudo in AIX - ITtoolboxWiki

Regards

grial · May 1, 2008, 12:39pm

Oooops! No way. I just assumed it was a binnary file so forget it, I'm sorry.
Of course, sudo is as you said: by far, the preferable solution.

prichard · May 1, 2008, 4:46pm

You can get a pre-compiled version of sudo for AIX at

IBM AIX Toolbox Download Page - Alphabetical Listing

You install with "rpm -i sudo*rpm"

(If you don't have rpm.rte installed on your OS you will need that first to install the sudo rpm.)

Now my memory is a little fuzzy but the following should work:

Enter "visudo" and add the line:

username hostname=/usr/bin/mksysb

:wq to write and quit visudo

Now the user would enter the command "sudo mksysb" and it will prompt for the users password and log what has happened in the syslog.

AIX122 · May 6, 2008, 3:05pm

Now, it is done and work by 'sudo'

thank you very much to everyone has helped me