RBAC: create a user to shut the server

chaandana · June 26, 2007, 3:42am

Hi,

I have created a user to shutdown the server using RBAC.
Here are my steps:

roleadd -u 1000 -g 10 -d /home/stopsys -m stopsys
passwd stopsys
edit /etc/security/prof_attr to include:
Shut:::able to shut the server:
modrole -P Shut stopsys
useradd -u 1001 -g 10 -d /home/user10 -m -R stopsys -s /bin/ksh user10
passwd user10
edit /etc/security/exec_attr to include:
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0

Now, when I login & execute the shutdown cmd, I get this:
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown

But the relavent files have been updated as follows:
#tail -1 /etc/security/prof_attr
Shut:::Shutdown the Server:

# tail -2 /etc/user_attr
stopsys::::type=role;profiles=Shut
user10::::type=normal;roles=stopsys

# tail -1 /etc/security/exec_attr
Shut:suser:cmd:::/usr/sbin/shutdown:uid=0

Would you be able to find the issue here ?

Thanks in advance.
Chaandana

craigp84 · June 26, 2007, 1:11pm

Hi chaandana,

Sorry if i'm stating the obvious, but it doesn't look like you're su'ing to the stopsys role before trying to shutdown?

login: user10
password:
$ su stopsys
Password:
$ shutdown -y -g0 -i5

Hope this helps,

Craig

chaandana · June 27, 2007, 4:31pm

Hi Craig,

Means I forgot the obvious. Thanks.

Cheers!