Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
161162163164165166167168169170
[/etc/rbac/cmd_priv]
/opt/cmd:dflt:(newop,*):0/0//:dflt:dflt:dflt:
invalid command: Not found in the system
The value '/opt/cmd' for the Command field is bad.
[Role in role_auth DB with no assigned user in user_role DB]
Rebooter:(hpux.admin.*, *)
[Invalid Role in user_role DB. Role 'UserOperator' assigned to user 'chandrika' does not exist in
the roles DB]
On a correctly configured system, the rbacdbchk command produces no output,
indicating no errors are present.
8.7.2 privrun -v Information
The second method for detecting problems is to run the privrun command with the -v
option (verbose mode). In verbose mode, privrun provides additional information
about the entries that the input command matched and the status of the authorization
checking, as well as other relevant data. In many cases, this output clarifies the issue
causing privrun to fail. Specify the -v option multiple times for additional levels of
verbose output. The following is an example of the privrun -v output with the ipfstat
command:
# privrun -v /sbin/ipfstat
privrun: user root intends to execute command /sbin/ipfstat
privrun: input entry: '/sbin/ipfstat:dflt:(,):///:dflt:dflt::'
privrun: found matching entry: '/sbin/ipfstat:dflt:(hpux.network.filter.readstat,*):0/0//:dflt:dflt::'
privrun: passed authorization check
privrun: attempting to set ruid/euid/rgid/egid to 0/0/-1/-1
privrun: current settings for ruid/euid/rgid/egid are 0/0/3/3
privrun: executing: /sbin/ipfstat
8.7 Troubleshooting HP-UX RBAC 169