The problem usually occurs when you need to redirect output. For example:
# tar cvf - /etc/ | gzip -c > /protected_dir/etc_backup.tgz
Or the one I just used, which reminded me that this deserves a quick posting:
# m4 somefile.m4 > newfile.cf
Both of these will fail if the target directory is one that your user ID does not have permission to write to. In many cases, the frustrated SA will simply use sudo to "su" to the root user and perform the command there. But we Solaris Jedi know that this is simply a temptation of the dark side pulling at a time when you need to get work done.
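The right thing to do is create a subshell that executes the command, so that the redirection is performed by the shell running under sudo rather than by your own unprivileged shell. Returning to the above examples, the right invocation would be: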
# sudo sh -c "m4 somefile.m4 > newfile.cf"
# sudo sh -c "tar cvf - /etc | gzip -c > /protected_dir/etc_backup.tgz"
Works like a charm. That being said, I'm much more an advocate for using RBAC on Solaris, but I'm going to fight the power of scope creep on this posting and stick with sudo.
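An added example, not from the original post: the subshell technique wrapped so that the target file and command are passed as positional parameters instead of being interpolated into the `-c` string, plus a `tee` variant that elevates only the write. `ELEVATE`, `run_redirected` and `write_via_tee` are hypothetical names; `ELEVATE` defaults to `sudo`.

```shell
# Added example; ELEVATE, run_redirected and write_via_tee are hypothetical names.
# ELEVATE is the privilege-raising command and defaults to sudo.
ELEVATE=${ELEVATE:-sudo}

# run_redirected DEST CMD [ARG...]
# Runs CMD in an elevated shell with stdout redirected to DEST. The -c script
# is a fixed single-quoted string; DEST, CMD and ARGs arrive as positional
# parameters, so the elevated shell never re-parses them as shell code.
run_redirected() {
    [ "$#" -ge 2 ] || { echo "usage: run_redirected DEST CMD [ARG...]" >&2; return 2; }
    "$ELEVATE" sh -c 'dest=$1; shift; exec "$@" > "$dest"' sh "$@"
}

# write_via_tee DEST
# Copies stdin to DEST. Only tee runs elevated; the command that produces
# the data keeps running under the caller's own user ID.
write_via_tee() {
    [ "$#" -eq 1 ] || { echo "usage: write_via_tee DEST" >&2; return 2; }
    "$ELEVATE" tee "$1" > /dev/null
}

# Usage with the commands from the post:
#   run_redirected newfile.cf m4 somefile.m4
#   m4 somefile.m4 | write_via_tee newfile.cf
#   run_redirected /protected_dir/etc_backup.tgz sh -c 'tar cvf - /etc | gzip -c'
```

The `tee` form fits the m4 case, where only the write needs root; the tar case may also need root to read files under /etc, so the whole pipeline runs in the elevated shell.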
2 comments:
I, for one, would very much like to see a post on RBAC. I'm working to move my group from using 'su -' or 'sudo' to RBAC and would like to know how you have gone about it.
Great posts. Please keep it up. Thanks.
Tony.
I have something along those lines cooking right now. Stay tuned!