Hi Binish,
Good Day!!
Here is one way on how you can achieve it.
Define a PROGRAM rule for sesudo => newres PROGRAM /opt/CA/AccessControl/bin/sesudo defaccess(none)
Define an AUTH for SESUDO => authorize PROGRAM /opt/CA/AccessControl/bin/sesudo uid(test_user) access(a)
Define a FILE rule for "rm" => nr FILE /bin/rm owner(nobody) defaccess(none) audit(a)
Define a SUDO => nr SUDO rm data(rm;;/tmp/*) audit(a)
Define an AUTH for SUDO => auth SUDO rm uid(test_user) access(a)
Define an AUTH for FILE /bin/rm => auth FILE /bin/rm uid(test_user) via(pgm(/opt/CA/AccessControl/bin/sesudo)) access(a)
This will allow the user "test_user" to delete files in /tmp only.
To delete a file:
/opt/CA/AccessControl/bin/sesudo rm /tmp/FILENAME
Thank You
--
Vinay Reddy