run a command as root
/tcb/bin/asroot command [ args ]
allows an authorized user to run a command as superuser (root).
Commands that can be used with asroot are defined
by the superuser (see ``Making a command executable under asroot'')
and must be present in the /tcb/files/rootcmds
directory. Only root can make entries in this directory.
To use asroot,
the user must have either the root primary subsystem
authorization (which allows any command in the rootcmds
directory to be run) or have a secondary subsystem authorization
with the same name as the command. In addition to one of these
the user must also have the execsuid kernel privilege.
By default, asroot asks for the user's account
password before executing
the command. (This prevents an unauthorized user from using a terminal
which an authorized user has left without logging out.) This feature can
be turned off by entering the line ``ASROOTPW=NO'' in
also logs its use by making entries in the logfile defined by the
SULOG variable (usually /usr/adm/sulog) as
configured in /etc/default/su.
If the command to run is a shell script then
it will be executed by the Bourne
(/bin/sh) shell. The setting of the SHELL environment
variable is not considered.
Making a command executable by asroot
To make a command executable by
asroot, log in as root and do the following:
Copy the desired command into the
Do not create a link if the permissions on the file are less restrictive
than those listed in the File Control database
Note that if the command sets a new group
or user ID on execution,
it will not execute correctly after
changes its permissions.
(For example, the command
which has symbolic permissions ``---x--s--x'',
sets the group ID to lp on execution.)
To overcome this, create a shell script that calls the
command, and place the script in the
Change the permissions on the file to match those specified in the File
Control database. This can be done most conveniently with the
Edit the authorizations file
and add a comma and the name of the new command to the end of the line
beginning with ``root:''.
This declares a new secondary subsystem authorization
that can be given to users like any other authorization with the
Accounts manager or
Users can only execute the command with asroot
if they have the root
authorization or the authorization corresponding to
the name of the command.
Default asroot commands
By default one command is shipped in the
/tcb/files/rootcmds directory: the
Only trusted users should be given the root authorization.
asroot returns an exit code of 1 when:
will also return an exit code of 2 when no command name is given or
an exit code of 3 if the command cannot be executed.
the length of the command name is greater than 16 characters
the user is not authorized to run the command
the command's execution bits in the
/tcb/files/rootcmds directory are not set properly
an integrity violation is detected
an authentication error is detected
an incorrect user password is entered
Care must be taken, when choosing commands to be executed by
asroot, that the root privilege is not
given away accidentally. For example, if
the Accounts manager
were to be run via asroot
then any shell escapes would also run as root.
checks the permissions of the complete pathname of all files it
uses. If any component of a path does not match its entry in
the File Control database, an integrity violation is reported.
to discover where the integrity violation has occurred.
A line in /etc/auth/system/authorize
cannot exceed 1024 characters in length and the sum of the number of primary
and secondary authorizations cannot exceed 32.
File Control database
ASROOTPW and SULOG settings
asroot is not part of any currently supported standard; it is
an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003