asroot(ADM)

asroot -- run a command as root

Syntax

/tcb/bin/asroot command [ args ]

Description

asroot allows an authorized user to run a command as superuser (root). Commands that can be used with asroot are defined by the superuser (see ``Making a command executable under asroot'') and must be present in the /tcb/files/rootcmds directory. Only root can make entries in this directory.

To use asroot, the user must have either the root primary subsystem authorization (which allows any command in the rootcmds directory to be run) or have a secondary subsystem authorization with the same name as the command. In addition to one of these the user must also have the execsuid kernel privilege.

By default, asroot asks for the user's account password before executing the command. (This prevents an unauthorized user from using a terminal which an authorized user has left without logging out.) This feature can be turned off by entering the line ``ASROOTPW=NO'' in /etc/default/su. asroot also logs its use by making entries in the logfile defined by the SULOG variable (usually /usr/adm/sulog) as configured in /etc/default/su.

If the command to run is a shell script then it will be executed by the Bourne (/bin/sh) shell. The setting of the SHELL environment variable is not considered.

Making a command executable by asroot

To make a command executable by asroot, log in as root and do the following:

Copy the desired command into the /tcb/files/rootcmds directory. Do not create a link if the permissions on the file are less restrictive than those listed in the File Control database (/etc/auth/system/files; see files(F)).
Note that if the command sets a new group or user ID on execution, it will not execute correctly after fixmog(ADM) changes its permissions. (For example, the command enable(C), which has symbolic permissions ``---x--s--x'', sets the group ID to lp on execution.) To overcome this, create a shell script that calls the command, and place the script in the /tcb/files/rootcmds directory.
Change the permissions on the file to match those specified in the File Control database. This can be done most conveniently with the fixmog command.
Edit the authorizations file /etc/auth/system/authorize (see authorize(F)) and add a comma and the name of the new command to the end of the line beginning with ``root:''. This declares a new secondary subsystem authorization that can be given to users like any other authorization with the Accounts manager or usermod(ADM). Users can only execute the command with asroot if they have the root authorization or the authorization corresponding to the name of the command.

Default asroot commands

By default one command is shipped in the /tcb/files/rootcmds directory: the shutdown(ADM) command. Only trusted users should be given the root authorization.

Exit values

asroot returns an exit code of 1 when:

the length of the command name is greater than 16 characters
the user is not authorized to run the command
the command's execution bits in the /tcb/files/rootcmds directory are not set properly
an integrity violation is detected
an authentication error is detected
an incorrect user password is entered

asroot will also return an exit code of 2 when no command name is given or an exit code of 3 if the command cannot be executed.

Warning

Care must be taken, when choosing commands to be executed by asroot, that the root privilege is not given away accidentally. For example, if the Accounts manager were to be run via asroot then any shell escapes would also run as root.

Limitations

asroot checks the permissions of the complete pathname of all files it uses. If any component of a path does not match its entry in the File Control database, an integrity violation is reported. Run integrity(ADM) or fixmog to discover where the integrity violation has occurred.

A line in /etc/auth/system/authorize cannot exceed 1024 characters in length and the sum of the number of primary and secondary authorizations cannot exceed 32.

Files

/tcb/files/rootcmds: asroot commands
/etc/auth/system/authorize: Subsystem authorizations
/etc/auth/system/files: File Control database
/etc/default/su: ASROOTPW and SULOG settings

Standards conformance

asroot is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.