ASROOT(ADM) UNIX System V
Name
asroot - run a command as root
Syntax
/tcb/bin/asroot command [ command args ]
Description
asroot allows an authorized user to run a command as
superuser (root). Commands that can be used with asroot are
defined by the superuser (see ``Making a Command Executable
by asroot'') and must be present in the
/tcb/files/rootcmds directory. Only root can make entries
in this directory.
To use asroot, the user must have either the root primary
subsystem authorization (which allows any command in the
rootcmds directory to be run) or have a secondary subsystem
authorization with the same name as the command.
By default, asroot asks the user for their account password
before executing the command. (This prevents an
unauthorized user from using a terminal an authorized user
has left without logging out.) This feature can be turned
off by entering the line ``ASROOTPW=NO'' in /etc/default/su.
asroot also logs its use by making entries in the SULOG
logfile as configured in /etc/default/su.
If the command to run is a shell script then it will be
executed by the Bourne (/bin/sh) shell. The setting of the
SHELL environment variable is not considered.
Making a Command Executable by asroot
To make a command executable by asroot, log in as root and
do the following:
1. Copy the desired command into the /tcb/files/rootcmds
directory. Do not create a link because the
permissions on the file need to be more restrictive to
prevent tampering.
2. Change the permissions on the file to match those
specified in the File Control database. This can be
most conveniently done with the fixmog(ADM) command.
3. Edit the authorizations file /etc/auth/system/authorize
and add a comma and the name of the new command to the
end of the line beginning with ``root:''. This
declares a new secondary subsystem authorization that
can be given to users like any other authorization with
the sysadmsh(ADM) Accounts->User->Examine:Privileges
selection. Users can only execute the command with
asroot if they have the root authorization or the
authorization corresponding to the name of the command.
Default asroot Commands
By default two commands are shipped in the
/tcb/files/rootcmds directory: shutdown and sh. shutdown is
the system shutdown(ADM) command, and sh is a special
program that generates a root shell.
Only trusted users should be given the sh or root
authorizations because this allows them to become the
superuser in an unrestricted way. You may wish to remove
/tcb/files/rootcmds/sh to ensure asroot cannot generate a
root shell.
Files
/tcb/lib/sh                   asroot utility program
/tcb/files/rootcmds           asroot commands
/etc/auth/system/authorize    subsystem authorizations
/etc/auth/system/files        File Control database
/etc/default/su               ASROOTPW and SULOG settings
See Also
fixmog(ADM), integrity(ADM), authsh(ADM), subsystems(S)
Diagnostics
asroot returns an exit code of 1 when:
1. the length of the command name is greater than 16
characters
2. the user is not authorized to run the command
3. the command's execution bits in the /tcb/files/rootcmds
directory are not set properly
4. an integrity violation is detected
5. an authentication error is detected
6. an incorrect user password is entered
asroot will also return an exit code of 2 when no command
name is given, or an exit code of 3 if the command is not a
binary and /tcb/lib/sh is not executable.
Notes
asroot checks the permissions of the complete pathname of
all files it uses. If any component of a path does not
match its entry in the File Control database, an integrity
violation is reported. Run integrity(ADM) or fixmog(ADM) to
discover where the integrity violation has occurred.
Care must be taken when choosing commands to be executed by
asroot so that root privilege is not given away
accidentally. For example, if sysadmsh(ADM) were to be run
via asroot, then any shell escapes would also run as root.
If you wish to use asroot to generate a root Bourne shell
you cannot use /bin/sh directly. This is because the Bourne
shell sets the effective user ID back to the real user ID.
The sh program is provided in the /tcb/files/rootcmds
directory to overcome this. sh sets the real user ID to the
effective user ID, then runs /bin/sh. As shipped, /tcb/lib/sh
is linked to /tcb/files/rootcmds/sh.
A line in /etc/auth/system/authorize cannot exceed 1024
characters in length and the sum of the number of primary
and secondary authorizations cannot exceed 32.
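The following audit sketch is an added example, not part of the original manual page or of SCO's software. It cross-checks the authorize file against the rootcmds directory using the rules stated above. It assumes one ``primary:secondary,secondary,...'' entry per line and that the limit of 32 is counted across the whole file; the function name, finding labels and sample data are constructed.

```sh
#!/bin/sh
# audit_asroot AUTHORIZE_FILE ROOTCMDS_DIR  (hypothetical helper, not an SCO tool)
# Prints one finding per line; prints nothing when no issue is found.
audit_asroot() {
    authorize=$1
    rootcmds=$2

    # Notes: a line may not exceed 1024 characters, and primary plus
    # secondary authorizations may not exceed 32 (assumed: counted file-wide,
    # one "primary:secondary,secondary,..." entry per line).
    awk -F: '
        length($0) > 1024   { print "LINE_TOO_LONG " $1 }
        $1 != ""            { total += 1 }
        NF >= 2 && $2 != "" { total += split($2, names, ",") }
        END { if (total > 32) print "TOO_MANY_AUTHS " total }
    ' "$authorize"

    # Secondary authorizations declared on the line beginning with "root:".
    auths=$(sed -n 's/^root://p' "$authorize" | tr ',' '\n' | sed '/^$/d')

    for name in $auths; do
        # Diagnostics: a command name over 16 characters makes asroot exit 1.
        if [ "${#name}" -gt 16 ]; then echo "NAME_TOO_LONG $name"; fi
        # Step 1: the command must be present in the rootcmds directory.
        if [ ! -e "$rootcmds/$name" ]; then echo "NO_COMMAND $name"; fi
    done

    for path in "$rootcmds"/*; do
        [ -e "$path" ] || continue
        cmd=${path##*/}
        # Step 3 not done: only holders of the root authorization can run it.
        if ! printf '%s\n' "$auths" | grep -Fqx -- "$cmd"; then
            echo "ROOT_ONLY $cmd"
        fi
        # Default asroot Commands: sh hands out an unrestricted root shell.
        if [ "$cmd" = sh ]; then echo "ROOT_SHELL $cmd"; fi
    done
    return 0
}

# Constructed sample (names and contents are made up) so this runs offline.
demo=$(mktemp -d)
mkdir "$demo/rootcmds"
for f in shutdown sh lpreset; do : > "$demo/rootcmds/$f"; done
printf 'root:shutdown,backup\n' > "$demo/authorize"
audit_asroot "$demo/authorize" "$demo/rootcmds"
```

File permissions are not checked here; integrity(ADM) and fixmog(ADM) compare them against the File Control database.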
Value Added
asroot is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 1/7/91) ASROOT(ADM)