01-19-2013
Hi,
Thanks for answers.
Full sudo is for server administrators, but sometimes there are some people who don`t understand what they are doing or just making mistakes.
Also other thing is that, root activities are not logged, but sudo activities are logged under /var/log/secure. How to fight against it?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
After Configuring a brand new netraT1, It appears, the only way you can log in as root is throught the Serial Port (console). I believe there is a file in /etc which can be edited to allow root to access login via other methods
eg: telnet, ssh, etc.
My Question:
Which file contains... (2 Replies)
Discussion started by: SmartJuniorUnix
2 Replies
2. Shell Programming and Scripting
I am writing a script that has some tasks that must be run as root, then set of tasks to be run as normal user, then again as root.
is there a way to switch between users in a script?
any other alternatives?
thx (3 Replies)
Discussion started by: melanie_pfefer
3 Replies
3. Shell Programming and Scripting
Good day Guys!!!
I am currently making a script in AIX, the script runs a SAS job, the owner of the script is the root, but the SAS jobs cannot be run by the root, as it should be run by a user 'sasia'. But inside the script, root creates a logfile, so what I need is just to su to sasia for the... (3 Replies)
Discussion started by: sasia
3 Replies
4. Solaris
I couldnt find this in any other post - so hoping someone can help out.
I want to set password expiry (or rather I have to) for a number of users on my solaris 9 system. I know i can set the following options in the /etc/default/passwd file to do it and then just type a passwd -f <username> to... (6 Replies)
Discussion started by: frustrated1
6 Replies
5. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
6. Linux
Hi Guys....
I am a newbie to unix. I have a requirement. I have a server. I have to configure ssh to disable direct root login and then add a user with sudo access to this server.Then change the ssh port to 22315 and the server should permit the ssh only from my local machine ip.I also have to... (1 Reply)
Discussion started by: mahesh_raghu
1 Replies
7. UNIX for Dummies Questions & Answers
I have already disabled root login over the ssh by modifying /etc/ssh/sshd_config.
But how would i disable root login on a server itself.
We have implemented LDAP in our environment and our security guide states that root login must be obtained by first logging into the host using his/her own... (2 Replies)
Discussion started by: pinga123
2 Replies
8. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
9. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
10. UNIX for Dummies Questions & Answers
Whenever i switch from root to another user, by doing su - user, it takes me to home directory of user. This is very annoying as i want to be in same dir to run different commands as root sometimes and sometimes as normal user.
How to fix this? (1 Reply)
Discussion started by: syncmaster
1 Replies
LEARN ABOUT DEBIAN
0store-secure-add
0STORE-SECURE-ADD(1) 0STORE-SECURE-ADD(1)
NAME
0store-secure-add -- add an implementation to the system cache
SYNOPSIS
0store-secure-add DIGEST
DESCRIPTION
This command imports the current directory into the system-wide shared Zero Install cache, as /var/cache/0install.net/implementa-
tions/DIGEST. This allows a program downloaded by one user to be shared with other users.
The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
file must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
matches its contents.
It is intended that it be safe to grant untrusted users permission to call this command with elevated privileges. To set this up, see
below.
SETTING UP SHARING
To enable sharing, the system administrator should follow these steps:
Create a new system user to own the cache:
adduser --system zeroinst
Create the shared directory, owned by this new user:
mkdir /var/cache/0install.net
chown zeroinst /var/cache/0install.net
Use visudo(8) to add these lines to /etc/sudoers:
Defaults>zeroinst env_reset,always_set_home
ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add
Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:
#!/bin/sh
exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null
The other Zero Install programs will call this helper script automatically.
FILES
/var/cache/0install.net/implementations
System-wide Zero Install cache.
LICENSE
Copyright (C) 2009 Thomas Leonard.
You may redistribute copies of this program under the terms of the GNU Lesser General Public License.
BUGS
This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.
The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.
If sudo let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.
Please report bugs to the developer mailing list:
http://0install.net/support.html
AUTHOR
Zero Install was created by Thomas Leonard.
SEE ALSO
0store(1)
The Zero Install web-site:
http://0install.net
Thomas Leonard 2010 0STORE-SECURE-ADD(1)