Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ asroot(ADM) — OpenDesktop 1.1.1g

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

fixmog(ADM)

integrity(ADM)

authsh(ADM)

subsystems(S)


     ASROOT(ADM)                          UNIX System V



     Name
          asroot - run a command as root


     Syntax
          /tcb/bin/asroot command [ command args ]


     Description
          asroot allows  an  authorized  user  to  run  a  command  as
          superuser (root).  Commands that can be used with asroot are
          defined by the superuser (see ``Making a Command  Executable
          Under    asroot'')    and    must    be   present   in   the
          /tcb/files/rootcmds directory.  Only root can  make  entries
          in this directory.

          To use asroot, the user must have either  the  root  primary
          subsystem  authorization  (which  allows  any command in the
          rootcmds directory to be run) or have a secondary  subsystem
          authorization with the same name as the command.

          By default, asroot asks the user for their account  password
          before   executing   the   command.    (This   prevents   an
          unauthorized user from using a terminal an  authorized  user
          has  left  without logging out.)  This feature can be turned
          off by entering the line ``ASROOTPW=NO'' in /etc/default/su.
          asroot  also  logs  its  use  by making entries in the SULOG
          logfile as configured in /etc/default/su.

          If the command to run is a shell  script  then  it  will  be
          executed  by the Bourne (/bin/sh) shell.  The setting of the
          SHELL environment variable is not considered.

        Making a Command Executable by asroot
          To make a command executable by asroot, log in as  root  and
          do the following:

          1.   Copy the desired command into  the  /tcb/files/rootcmds
               directory.    Do   not   create   a  link  because  the
               permissions on the file need to be more restrictive  to
               prevent tampering.

          2.   Change the permissions  on  the  file  to  match  those
               specified  in  the  File Control database.  This can be
               most conveniently done with the fixmog(ADM) command.

          3.   Edit the authorizations file /etc/auth/system/authorize
               and  add a comma and the name of the new command to the
               end  of  the  line  beginning  with  ``root:''.    This
               declares  a  new secondary subsystem authorization that
               can be given to users like any other authorization with
               the   sysadmsh(ADM)  Accounts->User->Examine:Privileges
               selection.  Users can only  execute  the  command  with
               asroot  if  they  have  the  root  authorization or the
               authorization corresponding to the name of the command.

        Default asroot Commands
          By   default   two   commands    are    shipped    in    the
          /tcb/files/rootcmds directory: shutdown and sh.  shutdown is
          the system  shutdown(ADM)  command,  and  sh  is  a  special
          program that generates a root shell.

          Only trusted users should  be  given  the  the  sh  or  root
          authorizations  because  this  allows  them  to  become  the
          superuser in an unrestricted way.  You may  wish  to  remove
          /tcb/files/rootcmds/sh  to  ensure  asroot cannot generate a
          root shell.


     Files
          /tcb/lib/sh                    asroot utility program

          /tcb/files/rootcmds            asroot commands

          /etc/auth/system/authorize     subsystem authorizations

          /etc/auth/system/files         File Control database

          /etc/default/su                ASROOTPW and SULOG settings


     See Also
          fixmog(ADM), integrity(ADM), authsh(ADM), subsystems(S)


     Diagnostics
          asroot returns an exist code of 1 when:

          1.   the length of the  command  name  is  greater  than  16
               characters

          2.   the user is not authorized to run the command

          3.   the command's execution bits in the /tcb/files/rootcmds
               directory are not set properly

          4.   an integrity violation is detected

          5.   an authentication error is detected

          6.   an incorrect user password is entered

          asroot will also return an exit code of 2  when  no  command
          name  is  given  or  exit  code of 3 if the command is not a
          binary and /tcb/lib/sh is not executable.


     Notes
          asroot checks the permissions of the  complete  pathname  of
          all  files  it  uses.   If  any component of a path does not
          match its entry in the File Control database,  an  integrity
          violation is reported.  Run integrity(ADM) or fixmog(ADM) to
          discover where the integrity violation has occurred.

          Care must be taken when choosing commands to be executed  by
          asroot   so   that   root   privilege   is  not  given  away
          accidentally.  For example if sysadmsh(ADM) were to  be  run
          via asroot then any shell escapes would also run as root.

          If you wish to use asroot to generate a  root  Bourne  shell
          you cannot use /bin/sh directly.  This is because the Bourne
          shell sets the effective user ID back to the real  user  ID.
          The  sh  program  is  provided  in  the  /tcb/files/rootcmds
          directory to overcome this. sh sets the real user id to  the
          effective user id then runs /bin/sh.  As shipped /tcb/lib/sh
          is linked to /tcb/files/rootcmds/sh.

          A line  in  /etc/auth/system/authorize  cannot  exceed  1024
          characters  in  length  and the sum of the number of primary
          and secondary authorizations cannot exceed 32.


     Value Added
          asroot is an extension of AT&T  System  V  provided  by  the
          Santa Cruz Operation.


     (printed 1/7/91)                                 ASROOT(ADM)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026