dop - Allows a user to execute a privileged program without knowing the
root password. The dop command also modifies the action database.
/usr/sbin/dop [-n | -N] [ui:] action [args]
/usr/sbin/dop -a priv[,priv]... action [ui:]pathspec[,[ui:]pathspec]...
/usr/sbin/dop -a priv[,priv]... [ui:]pathspec
/usr/sbin/dop -d action
/usr/sbin/dop [-w | -W]
-n Invokes a prompt asking the user if they want to run the command as a
user or as root. The root password is required to run as root.
-N Attempts to run the action with the user privileges.
-a Adds new actions to the dop database.
-d Deletes an existing action from the dop database.
-w Writes a binary image without changing the source.
-W Updates the actionlist from the dop action file and then executes the
-w option, which writes the binary image.
action Name of privileged program to invoke
args Arguments to pass to the application guarded by the privilege.
priv Comma separated privilege list (see sysman dopconfig)
The fully qualified path name and arguments for the associated
When specified by a comma separated pathlist and arguments for mul-
tiple user interface domains (ui:), the first ui: argument speci-
fied is used as the default. If no action is specified, then the
path base name is used. A run-time argument replaces the first
occurrence of asterisk as a word (for example *) in a string, or
else they are ignored. Path arguments should be quoted per the
ui: Optional. A user interface domain, typically one of X11, suit,
java, menu, cui, or cli.
The dop (Division of Privileges) command can execute an action after proper
authentication from the privilege database file. For more information, see
the Security guide.
You must have root privileges to modify the privileges database.
The following example will add an action to the AccountManagement
dop -a AccountManagement adduser_script /usr/sbin/adduser
The following example runs the action adduser_script for the AccountManage-
The following example deletes the adduser_script action from the action
dop -d adduser_script
Executable file for adding or deleting permissions for users and or