asroot(ADM) 19 June 1992 asroot(ADM) Name asroot - run a command as root Syntax /tcb/bin/asroot command [ args ] Description asroot allows an authorized user to run a command as superuser (root). Commands that can be used with asroot are defined by the super user (see ``Making a command executable under asroot'') and must be present in the /tcb/files/rootcmds directory. Only root can make entries in this direc- tory. To use asroot, the user must have either the root primary subsystem authorization (which allows any command in the rootcmds directory to be run) or have a secondary subsystem authorization with the same name as the command. In addition to one of these the user must also have the execsuid kernel authorization. By default, asroot asks the user for their account password before exe- cuting the command. (This prevents an unauthorized user from using a terminal which an authorized user has left without logging out.) This feature can be turned off by entering the line ``ASROOTPW=NO'' in /etc/default/su. asroot also logs its use by making entries in the SULOG logfile as configured in /etc/default/su. If the command to run is a shell script then it will be executed by the Bourne (/bin/sh) shell. The setting of the SHELL environment variable is not considered. Making a command executable by asroot To make a command executable by asroot, log in as root and do the follow- ing: 1. Copy the desired command into the /tcb/files/rootcmds directory. Do not create a link if the permissions on the file are less restrictive than those listed in the File Control database. 2. Change the permissions on the file to match those specified in the File Control database. This can be done most conveniently with the fixmog(ADM) command. 3. Edit the authorizations file /etc/auth/system/authorize and add a comma and the name of the new command to the end of the line begin- ning with ``root:''. This declares a new secondary subsystem author- ization that can be given to users like any other authorization with the sysadmsh(ADM) Accounts -> User -> Examine:Privileges selection. Users can only execute the command with asroot if they have the root authorization or the authorization corresponding to the name of the command. Default asroot commands By default one command is shipped in the /tcb/files/rootcmds directory: the shutdown(ADM) command. Only trusted users should be given the root authorization. Files /tcb/files/rootcmds asroot commands /etc/auth/system/authorize subsystem authorizations /etc/auth/system/files File Control database /etc/default/su ASROOTPW and SULOG settings See also authsh(ADM), fixmog(ADM), integrity(ADM), subsystems(S) Diagnostics asroot returns an exit code of 1 when: 1. the length of the command name is greater than 16 characters 2. the user is not authorized to run the command 3. the command's execution bits in the /tcb/files/rootcmds directory are not set properly 4. an integrity violation is detected 5. an authentication error is detected 6. an incorrect user password is entered asroot will also return an exit code of 2 when no command name is given or exit code of 3 if the command cannot be executed. Notes asroot checks the permissions of the complete pathname of all files it uses. If any component of a path does not match its entry in the File Control database, an integrity violation is reported. Run integrity(ADM) or fixmog(ADM) to discover where the integrity violation has occurred. Care must be taken, when choosing commands to be executed by asroot, that the root privilege is not given away accidentally. For example, if sysadmsh(ADM) were to be run via asroot then any shell escapes would also run as root. A line in /etc/auth/system/authorize cannot exceed 1024 characters in length and the sum of the number of primary and secondary authorizations cannot exceed 32. Value added asroot is an extension of AT&T System V provided by The Santa Cruz Opera- tion, Inc.