Unable to login with user having shell /usr/bin/cpcksh


I have installed PUM 2.3.1
  • rajeshemailto,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    Has your problem been resolved? If not, you might try one of the following options:

    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php

    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.

    Good luck!

    Your Novell Product Support Forums Team
    http://forums.novell.com/


  • Rajash,

    While you can change the users login shell to cpcksh (our
    non-privileged shell) you'd have to create a rule within the Command
    Control console to authorize this shell. A very simple rule would look
    like the following:

    For example:

    Begin Rule: cpcksh
    If ((command IN Cpcksh))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Stop if authorized
    End If
    End Rule: cpcksh


    This would give the user a audited shell, but does NOT grant any
    additional privileges. If login as 'brett' - I still have 'brett's
    rights, no more.

    If you are trying to grant someone a root shell, you'll want to look at
    pcksh. I wouldn't recommend to change the users login shell to pcksh,
    but to use 'usrun' to invoke the shell when needed.

    The way NPUM works is that you invoke commands using 'usrun' which then
    sends the command, username, hostname and other environmental
    information to the Command Control Manager (and Command Control rules
    you've configured). We start at the top of the rules and run through
    all of them until we either match or are told to stop.

    If you are wanting a non-privileged user to 'become root' then you'd
    create a rule that allowed the user to do so.

    For example, here's a sample rule.

    Begin Rule: pcksh as root
    If ((command IN pcksh) AND (user IN Priviledged))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Set runUser = "root"
    Stop if authorized
    End If
    End Rule: pcksh as root


    From the agent, you'd then run 'usrun pcksh' or 'usrun -u root pcksh'
    As long as the submit user (the user you are currently logged in as) is
    in the "Privileged" Group, we should match this rule and start a
    Privileged pcksh shell that is audited.


    Hope this helps.

    -Brett




    rajeshemailto;12641 Wrote:
    > I have installed PUM 2.3.1

  • Thanks Deni!!

    Its lil late but got resolved this via setting-up proper dirs