Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Setup SUDO For a User on Linux Server
Top Forums UNIX for Advanced & Expert Users Setup SUDO For a User on Linux Server Post 302440296 by STOIE on Monday 26th of July 2010 09:02:49 PM
Old 07-26-2010
Problem is you are allowing them to tail a file, this means they will be able to look at the contents of pretty much anything they want.

for instance:
sudo tail /root/.ssh/authorized_keys

Catch my drift???

I would say chgrp the files you want them to be able to tail, to a newly created group, toss the old group owner into that group and add matt and john to the new group.

This way they can only access the files that you chgrp to the new group.

This seems to becoming more of a permissions question than a sudo question...
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

setup of user a/c in mysql in linux

Hi Friends, I am new user of linux operating system. I wanted to install a software but facing a difficulty. I am not able to proceed to the next statement without resolving this. WFT is the software i need for my purpose. Setup a MySQL user account for WTF that will have access to ... (1 Reply)
Discussion started by: alma
1 Replies

2. Linux

how to setup a virtual IP to control 2 server load for linux

Hi anyone know how to setup a setup a virtual IP to control 2 server load for linux? i only have 2 server, i don want to buy another just for the load balance... is there a way to do it? Sumemr (0 Replies)
Discussion started by: summerpeh
0 Replies

3. AIX

NIM server setup on etherchannel setup environment

I know that IBM's official stance is that NIM does not work on etherchannel environment, but has anyone able to get around it? I'm working on a p5-590 LPAR system, and the NIM master and clients are all on the same frame. Any help is appreciated. (1 Reply)
Discussion started by: pdtak
1 Replies

4. UNIX for Advanced & Expert Users

Remove and block a user from Linux server

Hi, Can anyone please guide me how can I remove/block a user from a server access. /usr/sbin/adduser -d /home/john john echo ****** | passwd --stdin john I used the above command to add a user "john". How do I delete and block john. Appreciate your responses. (1 Reply)
Discussion started by: sureshcisco
1 Replies

5. Linux

problems in linux mail server setup

hi i want to set up LInux mail server for intranet purpose. i used following document as reference Linux Mail Server softwares used are : Postfix # pre installed Procmail # pre installed Fetchmail # pre installed SpamBayes Mutt #... (1 Reply)
Discussion started by: zedex
1 Replies

6. AIX

sudo setup

I am working on setting sudo on a few AIX servers and wanted to know how to give users root access without allowing them access to the sudo logs, sudoers files and the /etc/security directory. (3 Replies)
Discussion started by: daveisme
3 Replies

7. Red Hat

setup sudo for cmd exec w/o password

i need to set up a user to execute a restricted command as another user and to be able to do so without entering a password. I understand the security concerns but let's not go there, unless you are really compelled to do so... The directive to permit is that I believe should work and did add to... (2 Replies)
Discussion started by: twk
2 Replies

8. Linux

Linux- Useradd / sudo user

Hi, I am new in linux. Please help for create new user and also need to give sudo access in linux box. Please help me Now i am having new access Thanks, Mani (2 Replies)
Discussion started by: Mani_apr08
2 Replies

9. UNIX for Dummies Questions & Answers

Samba setup in virtual server environment Windows/ Linux

I have a home network set up that consists of a few windows clients and 3 centos, and 1 suse client. These are all virtual machines, VMware Workstation. One centos vm is set to be the Samba server. Do I need Samba set up on the other Linux clients?I have no problem seeing the windows clients... (0 Replies)
Discussion started by: ktb231
0 Replies

10. UNIX for Advanced & Expert Users

Setup Samba Server to always ask user and password

How do I setup a Samba server to always ask to user and password, when a windows user, prints your files using a shared printer through a Samba Linux Server (CUPS)? (0 Replies)
Discussion started by: viga
0 Replies

LEARN ABOUT LINUX

sudo_root

sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME

       sudo_root - How to run administrative commands

SYNOPSIS

       sudo command

       sudo -i

INTRODUCTION

       By  default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
       the installer will set up sudo to allow the user that is created during install to run all administrative commands.

       This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use  a  graphical
       sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.

       To  run	a  command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
       sudo -i.

ALLOWING OTHER USERS TO RUN SUDO

       By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo,  you
       have to add these users to the group 'admin' by doing one of the following steps:

       * In a shell, do

	   sudo adduser username admin

       * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.

BENEFITS OF USING SUDO

       The benefits of leaving root disabled by default include the following:

       * Users do not have to remember an extra password, which they are likely to forget.

       * The installer is able to ask fewer questions.

       * It  avoids  the  "I  can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
	 which should make you think about the consequences of what you are doing.

       * Sudo adds a log entry of the command(s) run (in /var/log/auth.log).

       * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
	 not know is what the usernames of your other users are.

       * Allows  easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
	 compromising the root account.

       * sudo can be set up with a much more fine-grained security policy.

       * On systems with more than one administrator using sudo avoids sharing a password amongst them.

DOWNSIDES OF USING SUDO

       Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

       * Redirecting the output of commands run with sudo can be confusing at first. For instance consider

	   sudo ls > /root/somefile

	 will not work since it is the shell that tries to write to that file. You can use

	   ls | sudo tee /root/somefile

	 to get the behaviour you want.

       * In a lot of office environments the ONLY local user on a system is root. All other users  are	imported  using  NSS  techniques  such	as
	 nss-ldap.  To	setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
	 leave the system unusable. An extra local user, or an enabled root password is needed here.

GOING BACK TO A TRADITIONAL ROOT ACCOUNT

       This is not recommended!

       To enable the root account (i.e. set a password) use:

	   sudo passwd root

       Afterwards, edit the sudo configuration with sudo visudo and comment out the line

	   %admin  ALL=(ALL) ALL

       to disable sudo access to members of the admin group.

SEE ALSO

       sudo(8), https://wiki.ubuntu.com/RootSudo

								 February 8, 2006						      sudo_root(8)
All times are GMT -4. The time now is 04:23 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy