How to enable a non-root user to start 'serevu'

Document ID : KB000055280
Last Modified Date : 14/02/2018

Description:

Serevu deals with users who have tried to log in unsuccessfully.

The daemon 'serevu' can be started by a non-root user, provided that a set of rules authorising an Access Control (AC) administrator to do so is present in the Access Control database.

Requisites:
The steps outlined below assume a standard installation of Access Control, where all the classes required for the example to work are enabled by default.

Solution:

Note:
It is assumed that the user that will be allowed to start the 'serevu' daemon is already present at Operating System level.
In this example, a user called 'actest' will be used, and the name of the system is 'myServer.acme.com'. The user designated to start serevu, in this case actest, needs to be an Access Control administrator.

From the selang command prompt, execute the following commands:

  1. nu actest admin
  2. auth TERMINAL myServer.acme.com uid(actest) access(a)
  3. auth PROGRAM /opt/CA/eTrustAccessControl/bin/sesudo uid(actest) access(exec)
  4. auth SURROGATE USER.root uid(actest) acc(read)
    via(pgm(/opt/CA/eTrustAccessControl/bin/sesudo))
  5. nr SUDO serevu data('serevu')
  6. auth SUDO serevu uid(actest)
  7. exit the 'selang' environment.
  8. From the UNIX command prompt as root execute:
    #sebuildla -a
  9. Next telnet in as actest and execute:
    #sesudo -list
    The sesudo command above should come back with the following output:
    serevu : serevu
  10. Finally execute serevu via sesudo:
    $sesudo serevu

The Access Control 'issec' command should now show the 'serevu' daemon running with its corresponding PID.