If you provide users with the ALL command alias, and then try to create a. As a superuser or administrator, run the visudo to. Here is an example of what a naughty user might try:

    echo 'service network restart' > /tmp/hax
    chmod a+x /tmp/hax
    sudo /tmp/hax

To enable sudo for the username on RHEL, add the username to the wheel group. sudoRunAsGroup: This attribute allows users to run commands as a member of a Unix group. Where package_location is the path to the package. There are 1000 ways to run service network restart without doing sudo service network restart. This works exactly like the RunAs list discussed in Chapter 4.

    sudouser ALL = DVDINSTALLCMDS, DVDUNINSTALLCMDS, INSTALLDIRCMDS, CVPUSH, /bin/sh, /usr/bin/metallic

    # Path to the scripts and binaries needed for the push install
    Cmnd_Alias CVPUSH = /opt/seed/*, /opt/metallic/*, /opt/metallic/installer/*, /opt/metallic/Base/*, /usr/bin/metallic, /usr/local/bin/metallic, /usr/bin/cvpkgrm, /usr/local/bin/cvpkgrm

    # Path to the Metallic installation directory
    Cmnd_Alias INSTALLDIRCMDS = /opt/metallic/*

If you want users to only run Metallic commands as root users, enter the following:

    # Allow users to install and run Metallic commands
    Cmnd_Alias DVDINSTALLCMDS = /package_location/cvpkgadd
    Cmnd_Alias DVDUNINSTALLCMDS = /usr/bin/cvpkgrm

To remove the password prompt during the computer login, specify NOPASSWD: ALL as follows:

    sudouser ALL=(ALL) NOPASSWD: ALL

If you want users to perform all UNIX commands as root users, enter the following:

    sudouser ALL=(ALL) ALL

Open the /etc/sudoers configuration file in editable mode by using the following command:

    visudo

sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. If you would like to run more commands, then add those commands (with full path) separated with a comma.
In order to do both touch and ls as peeradmin user, the rule in /etc/sudoers file should look like:

    nagios ALL=(peeradmin) NOPASSWD: /bin/ls, /bin/touch

On Solaris computers, edit the /etc/default/login configuration file and set the "PATH=" variable to the directory where sudo is installed. Site users do not have sudo access, meaning they cannot run commands with root privileges. Site users should be given to clients who require SFTP access to. Though correct, I think the above answer is a little incomplete.

Before You Begin

For HP-UX, AIX, and Solaris computers, install sudo on the client before adding a sudo user. The sudo user must be added to the /etc/sudoers file. Do you mean networking and network-manager? Also, why do your users have sudo access? They shouldn't unless you want them to have full root privileges. You can install the Metallic software as a sudo user with root privileges. Which distribution are you using? The service names are distro specific and I don't know of any distro that uses the names you have there.