Need help with setuid.

Hi Gurus,

I need your suggestions,to implement setuid.

Here is the situation. I have a user xyz on a solaris zone.He needs to install a package using a pkgadd command but i guess only a root can run that .Is there any way I can set the setuid bit on the pkgadd which is in the location /usr/sbin/pkgadd and can the user xyz will be able to execute the pkgadd command and install his package.Or is there any other way I can implement it without a sudo to root.

Thanks in Advance.
RK.

Why not sudo? That'd give you much closer control of what exactly he's allowed to with what program and parameters, as what user.

If it needs to be seamless, you could give him an alias...

1 Like

maybe rbac would be handy?!

Solaris RBAC

1 Like

Thanks Guys,

I can't implement RBAC in my environment . Sudo to root is strictly prohibited so I was searching for the workarounds.

If they're ambivalent about sudo, they'll be livid about setuid. Changing the permissions of basic system executables is not a good idea.

I suspect there's a reason they're forcing everyone to su, logging/audit purposes perhaps.

Why can't you ?
The "Software Installation" predefined role was precisely designed to allow what you are asking for.

sudo would only allow you to run pkgadd as root which is precisely what you are asking. I'm afraid you are rejecting all sensible answers.

if you are just suck to using setuid then i guess you may also use

 chmod 4711 pkgname