Granting "shutdown" permission
For the past several hours, I have scoured the internet searching for an answer to what I thought would be a very simple question. Perhaps it is still a very simple procedure ... I am just at my wits end, though, as to how to do this.
What I want is for a "normal" user to be able to shutdown the system. I am running Solaris 10 on x86. I have tried the following:
Creating a new group, adding the users to this new group, and giving the group execute permission on /usr/sbin/shutdown. Did not work. I get the message "only the user root has permission to ... blah blah blah"
Then I tried usermod with the following parameters:
usermod -A solaris.system.shutdown [username]
didn't work.
I also made sure to newgrp [shutdown_group] before executing the shutdown command. Didn't work. (Did this after I added my users to the new shutdown group)
I have also created new roles (using the roleadd command) - didn't work. I have tried granting "All" permission and roles. I have tried granting "System Admin" permission. All to no avail. I have tried combinations of all of the above; I've tried all of them a second time and rebooted after each and every attempt thinking that maybe - just maybe - all I needed was a simple reboot. This was at 12:00 this afternoon. It's now 6:00.
Regardless of everything that I have tried, I continuously get the error message, "only user root has permission to execute /usr/sbin/shutdown"
What simple thing am I missing? Any help would be greatly appreciated.
Thanks,
Caleb
New to Solaris and I have the same problem. What did you mean by:
For the past several hours, I have scoured the internet searching for an answer to what I thought would be a very simple question. Perhaps it is still a very simple procedure ... I am just at my wits end, though, as to how to do this.
What I want is for a "normal" user to be able to shutdown the system. I am running Solaris 10 on x86. I have tried the following:
Creating a new group, adding the users to this new group, and giving the group execute permission on /usr/sbin/shutdown. Did not work. I get the message "only the user root has permission to ... blah blah blah"
Then I tried usermod with the following parameters:
usermod -A solaris.system.shutdown [username]
didn't work.
I also made sure to newgrp [shutdown_group] before executing the shutdown command. Didn't work. (Did this after I added my users to the new shutdown group)
I have also created new roles (using the roleadd command) - didn't work. I have tried granting "All" permission and roles. I have tried granting "System Admin" permission. All to no avail. I have tried combinations of all of the above; I've tried all of them a second time and rebooted after each and every attempt thinking that maybe - just maybe - all I needed was a simple reboot. This was at 12:00 this afternoon. It's now 6:00.
Regardless of everything that I have tried, I continuously get the error message, "only user root has permission to execute /usr/sbin/shutdown"
What simple thing am I missing? Any help would be greatly appreciated.
Thanks,
Caleb
Navy_Coder
Posts:2,097
Registered: 4/29/06 Re: Granting "shutdown" permission
May 21, 2007 12:27 AM (reply 1 of 1) (In reply to original post )
DOH! A few beers later I figured out my problem ...... in the prof_attr file ... there are THREE colons ...
I knew it was something stupid. Sorry for the wasted space ...
Posts:2,097
Registered: 4/29/06 Re: Granting "shutdown" permission
May 21, 2007 12:27 AM (reply 1 of 1) (In reply to original post )
DOH! A few beers later I figured out my problem ...... in the prof_attr file ... there are THREE colons ...
I knew it was something stupid. Sorry for the wasted space ...
Similar Messages
-
How to grant shutdown permission
Hello,
I have created two others account apart from the root account on my solaris 10 machine. Later i' ve realized that the simple accounts don't have right to shutdown the machine unless you switch to the root account.
So which permission should i give to the non-root account to be able to shutdown the system.
Thanks in advanceBuilt In - Role Based Access control http://docs.sun.com
Open Source - Sudo
Commercial - Symark.com
If it's a laptop use the power button but not from JDS!
alan -
Error while granting Java permission to Oracle user (schema)
Hi,
I am trying to grant java permission as sys to an Oracle schema 'RCA' as follows but am getting the error ORA-29532: Java call terminated by uncaught Java exception: java.lang.SecurityException: policy table update java.io.FilePermission, <<ALL FILES>>. Could anyone please tell me how to resolve this issue?
DECLARE
KEYNUM NUMBER;
BEGIN
SYS.DBMS_JAVA.GRANT_PERMISSION(
grantee => 'RCA'
,permission_type => 'SYS:java.io.FilePermission'
,permission_name => '<<ALL FILES>>'
,permission_action => 'execute'
,key => KEYNUM
END;
Error at line 1
ORA-29532: Java call terminated by uncaught Java exception: java.lang.SecurityException: policy table update java.io.FilePermission, <<ALL FILES>>
ORA-06512: at "SYS.DBMS_JAVA", line 752
ORA-06512: at line 4
Thanks in advance for your help.
Regards,
Raj
Edited by: 906041 on 4/01/2012 18:31
Edited by: 906041 on 4/01/2012 18:33below worked for me
18:44:11 SQL> connect / as sysdba
Connected.
18:44:19 SQL> DECLARE
KEYNUM NUMBER;
BEGIN
SYS.DBMS_JAVA.GRANT_PERMISSION(
grantee => 'DBADMIN'
,permission_type => 'java.io.FilePermission'
,permission_name => '<<ALL FILES>>'
,permission_action => 'execute'
,key => KEYNUM
END;
18:44:20 2 18:44:20 3 18:44:20 4 18:44:20 5 18:44:20 6 18:44:20 7 18:44:20 8 18:44:20 9 18:44:20 10 18:44:20 11 18:44:20 12
PL/SQL procedure successfully completed.
18:44:36 SQL> 18:44:36 SQL> 18:44:36 SQL> Edited by: sb92075 on Jan 4, 2012 6:45 PM -
Hi All,
can anyone tell me that how to grant read permission on all tables of a database except tables that belong to system tablespace.
ThanksHandle: 788442
Status Level: Newbie
Registered: Aug 14, 2010
Total Posts: 58
Total Questions: 17 (12 unresolved)
so many questions & so few answers.
how I can find out the tables name that not are in system tablespace.just modify the previously provided SQL -
Granting roles permission to run packages created by somone else
Hi there,
I'm using Oracle 9i and I've written a package that has several functions that need to be run by a role other than the owner. I have 2 roles I granted execute permission on the package itself but when I log in to our app as another user with one of those granted roles, I get the 'insufficient privilege' error.
My DBA mentioned something about doing a pl/sql wrapper. I did a search under wrap in the oracle index and came up with a wrap utility. If this is what he meant, I don't understand how that helps with permissions if the wrap util just encrypts my package. How do the roles get permission to run it then?
Thanks
EvitaIf you call the stored procedure from a PL/SQL block, there will be a problem that PL/SQL does not, by default, recognize privileges granted through a role. You can either make a direct grant or you can change the PL/SQL block to specify authid current_user.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
Sql query to grant TRUNCATE permission to a table
Need help to write sql query to grant TRUNCATE permission to a table
sujnan wrote:
Need help to write sql query to grant TRUNCATE permission to a tableThis would require DROP ANY TABLE privilege.
However, this is a rather powerful privilege and should not be granted to non admin users.
Alternatively you can create a stored procedure in table owner's schema which would truncate specified table.
Grant execute rights on this SP only to required users.
See an example below:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1458414958491
You could(rather should) put in more validations in this SP to prevent users from truncating tables that they are not supposed to. -
Granting security permission to applet
Hi,
I have an applet which writes a .txt file to local disk. I want to call it through Javascript. Can anyone pls let me know how I can grant security permission to my file writing applet through Javascript?
Thanks,
PrasannaHi Munsifuv. You might get more help on this and your other AX questions on an AX-specific forum. We can help with connecting Power Query to data sources, but aren't necessarily experts on configuring those sources.
Thanks,
Ehren -
If i want to grant shutdown instance to a user?
what role should i grant to him or only i have to connect as sys to shutdown instance??Hi,
This is the procedure on Windows 2000 for example :
C:\>sqlplus internal/oracle@SASEAIDV
SQL*Plus: Release 8.1.7.0.0 - Produc
(c) Copyright 2000 Oracle Corporatio
Connectà à :
Oracle8i Enterprise Edition Release
With the Partitioning option
JServer Release 8.1.7.0.0 - Producti
SQL> grant sysoper to saseai
SQL>quit
C:\>sqlplus /nolog
SQL> connect saseai/saseai@SASEAIDV as sysoper
ConnectÃ.
SQL> shutdown immediate
Base de donnÃes fermÃe.
Base de donnÃes dÃmontÃe.
Instance ORACLE arrÃtÃe.
SQL> startup pfile=c:\oracle\admin\SASEAIDV\pfile\initSASEAIDV.ora
Instance ORACLE lancÃe.
Total System Global Area 237955100 bytes
Fixed Size 75804 bytes
Variable Size 80420864 bytes
Database Buffers 157286400 bytes
Redo Buffers 172032 bytes
Base de donnÃes montÃe.
Base de donnÃes ouverte.
SQL>
Nicolas. -
Java.lang.SecurityException when granting java permission
DB version 11.1.07
We used this command to grant the following permission in development and stage environment with no problems.
exec dbms_java.grant_permission( 'SCHEMA', 'SYS:java.lang.RuntimePermission', 'getClassLoader', '' );
When the same command is run in production, it results in this.
ERROR at line 1:
ORA-29532: Java call terminated by uncaught Java exception:
java.lang.SecurityException: policy table update
SYS:java.lang.RuntimePermission, getClassLoader
ORA-06512: at "SYS.DBMS_JAVA", line 787
ORA-06512: at line 1
These commands were executed as SYS user in all environments. Any ideas what could be causing this?
Thanks.
UsmanEither you are only using a security manager in production or there is a difference in the permissions granted by the security domains (for example, .policy files).
-
What is the GRANT or permission setting that allows viewing of package body
For purposes of SOX and security/audit control, we log in under our network id's in our production environment. We have sourcecode compiled into Oracle seeded schemas ( APPS ) so that scheduled jobs are able to run with submitted from the Oracle Applications environment. We don't compile code into our personal network account areas.
I know how to GRANT EXECUTE privs so that we can execute a package in another schema, but what I want to do is to be able to view the sourcecode in another schema. Compile into APPS but be able to see the package body from my network id schema account.
I can't seem to find what the correct permission is anywhere. Granted I can look at DBA_SOURCE to get to it, but I want to use a tool like SQL Developer or TOAD to look at the code in a more presentable and easier to debug manner.
Any help ?I guess you need GRANT DEBUG ON SCOTT.PKG TO U
SYS@LSC01> create or replace package scott.pk is procedure p; end pk;
2 /
Package created.
SYS@LSC01> create or replace package body scott.pk is procedure p is begin null; end; end pk;
2 /
Package body created.
SYS@LSC01> grant create session to u identified by u;
Grant succeeded.
SYS@LSC01> grant execute on scott.pk to u;
Grant succeeded.
SYS@LSC01> connect u/u
Connected.
U@LSC01> select text from all_source where name='PK';
TEXT
package pk is procedure p; end pk;
U@LSC01> connect / as sysdba
Connected.
SYS@LSC01> grant debug on scott.pk to u;
Grant succeeded.
SYS@LSC01> connect u/u
Connected.
U@LSC01> select text from all_source where name='PK';
TEXT
package pk is procedure p; end pk;
package body pk is procedure p is begin null; end; end pk; -
How to grant user permission to create "Credential" and "Proxies"
Hi Team,
Kindly let me know how to grant permission for user to create "Credential" and "Proxies" on server:
Thanks in advance
SantoshCan I revoke this permissions once I grant?
You can use DROP and REVOKE commands to do the opposite.
USE [msdb]
GO
ALTER ROLE [SQLAgentOperatorRole] DROP MEMBER [TestLogin1]
GO
USE [msdb]
GO
ALTER ROLE [SQLAgentReaderRole] DROP MEMBER [TestLogin1]
GO
USE [msdb]
GO
ALTER ROLE [SQLAgentUserRole] DROP MEMBER [TestLogin1]
GO
use [master]
GO
REVOKE ALTER ANY CREDENTIAL TO [TestLogin1] AS [sa]
GO
Cheers,
Vaibhav Chaudhari
[MCTS],
[MCP] -
SSRS How to grant BROWSE permission for reports for all the application users?
Hello,
Problem Statement
I need to allow all of my application users to browse the SSRS reports via logging onto the Report Manager and to some other I even want them to use Report Builder to modify & upload the report.
How could I achieve this.
Environment & Current implementation
We use SQL Server 2012 reporting services.
Custom authentication has been implemented using IAuthenticationExtension Interface. For more details, please refer
this msdn link.
Currently, for each new user created in the application, the admin has to manually give BROWSER role to the username to enable that newly created user to browse the reports.
Is there any way in which we can give "everyone" the BROWSE permission and get rid of this manual permission granting process?
Please feel free to ask for any additional information you need to help me on this issue.
Thanks!
-Vinay Pugalia
If a post answers your question, please click "Mark As Answer" on that post or
"Vote as Helpful".
Web : Inkey Solutions
Blog : My Blog
Email : Vinay PugaliaHi vinaypugalia,
According to your description, you want to grant permissions for users to access report server in a batch, right?
In your scenario, you can use
script files( AddItemSecurity.rss and ConfigureSystemProperties.rss )with the Reporting Services SOAP API to assign permissions. It’s better that you add those users to a user group then run those script.
Similar thread for your reference:
SQL script to grant user permissions for SQL Server Reporting Services
Programmatically adding users to SSRS?
If you have any question, please feel free to ask.
Best regards,
Qiuyun Yu
Qiuyun Yu
TechNet Community Support -
Grant execute permission to stord proc for user setup on inital DB server creation
When I setup my SQL Azure DB it asked for me to create a login, which I did. Now I need to give that users execute permission on some stored proc but when I run
GRANT EXECUTE ON ELMAH_GetErrorsXml TO MyUser;
I get the error
Cannot find the user 'MyUser', because it does not exist or you do not have permission.
If I look under Security -> Users I do not see my user listed I only see dbo, quest, INFORMATION_SCHEMA, and sys.Hi,
Please refer these links for more details.
http://azure.microsoft.com/en-us/documentation/articles/sql-database-get-started/
http://msdn.microsoft.com/en-us/library/ms187965.aspx
http://msdn.microsoft.com/en-us/library/ms173463%28v=SQL.100%29.aspx
Girish Prajwal -
Granting permanent permission to an Applescript to access Contacts
I have an Applescript saved as an application that I launch automatically in the middle of every night. Before I upgraded to Mavericks, it ran fine unattended. After I upgraded to Mavericks, it asks for permission to access my contacts evey time it runs.
Is there a way to permanently grant it access to the contacts so that it can run reliably on its own?
Thanks!A regular AppleScript application modifies itself by saving properties and globals with the script(s), so it is seen as a different application by the security frameworks in Mavericks each time that it is run. You can try something like setting the application or its scripts to read-only (any persistent properties and globals won't be be saved), using Xcode (a Cocoa-Applescript written in Xcode does not save globals), or signing the application - see Using AppleScript with Accessibility and Security features in Mavericks.
-
Hello,
Which permission someone can give to another user on solaris 10 box to be able to shutdown the system.
On my system only root user can shut the machine down. All the rest of the users can only log off from their current session not be able to shut the system down.
Thanks.bezgodo wrote:
Hello,
Which permission someone can give to another user on solaris 10 box to be able to shutdown the system.
On my system only root user can shut the machine down. All the rest of the users can only log off from their current session not be able to shut the system down.
Thanks.If the machine is multi-user then it would be best if only root can shut the machine down. Otherwise any user can just init 6 and everyone else gets blasted. If you really want to do this then you can use RBAC, sudo, Power Broker or some other utility.
alan
Maybe you are looking for
-
i bought my iphone from jordan and it was locked to orange jordan, now i am living at UAE how can run my phone here ?
-
Unable to open PDF Files with adobe reader VI
I have downloaded the latest version of Adobe Reader VI I am still not able to open PDF Files. When I click on the file I get a blank window with a little black box inside a White X! This black box appears in the upper left hand corner of the bl
-
ORABPEL Err: 1007 in deploying SOAOrderBooking
When i tried to deploy the deploy SOAOrderBooking Appln...iam getting this compilation err: ORABPEl err:1007 ...tell me some suggestions pls... Error is: Error(453): [Error ORABPEL-10007]: unresolved messageType [Description]: in line 453 of "I:\down
-
Copy variants from query to query.
Hello , Does anyone know how to copy the variants from one query to other ?? Do I need a custom program to accomplish this ?? If yes any suggestions on the FM's to used for this . Gautam
-
Basic apps/games for the nano 6th generation
Question for Apple: Are the any plans for additional updates. For example it would be good if there were a few basic apps/games for the nano considering the price associated with it. Please note I understand that there is limitation to what can be ad