Blog

May
01

Locking-down smit

It is possible to restrict a user’s access to smit (menus) and to escape to the shell from a smit session:

If you run:

$ export SMIT_SHELL=n

for a user when they press F9 they will see the following error message:

  +————————————————————————–+
|                           INFORMATION MESSAGE                            |
|                                                                          |
| Press Enter or Cancel to return to the                                   |
| application.                                                             |
|                                                                          |
|   The Shell function is not available for this                           |
|   session.                                                               |
|                                                                          |
| F1=Help                 F2=Refresh              F3=Cancel                |
F1| F8=Image                F10=Exit                Enter=Do                 |
F9+————————————————————————–+

Menu access can also be restricted by editing “/etc/security/smitacl.user” and adding a stanza for a user e.g.

$ cat /etc/security/smitacl.user
default:
screens    =    *
funcmode   =    roles+acl
backup:
screens    =    shutdown,mksysb
funcmode   =    roles+acl

01-05-2015