With the flexibility this tool offers comes great risk and the responsibility to mitigate that risk. For all practical purposes, this feature grants a root BASH prompt to anyone with administrative access to the system on the website.

This can be controlled, however, through the same config-enable mechanism used to determine which systems can have their configuration files managed by Red Hat Network. Refer to Section 6.4.2.9.3, “System Details ⇒ Configuration — ” for details.

In short, you must create a directory and file on the UNIX system that tell RHN it is acceptable to run remote commands on the machine. The directory must be named script, the file must be named run, and both must be located in the /etc/sysconfig/rhn/allowed-actions/ directory specific to your UNIX variant.

For instance, in Solaris, issue this command to create the directory:

 mkdir -p /opt/redhat/rhn/solaris/etc/sysconfig/rhn/allowed-actions/script 

To create the requisite file in Solaris, issue this command:

 touch /opt/redhat/rhn/solaris/etc/sysconfig/rhn/allowed-actions/script/run