Setup SUDO For a User on Linux Server | Unix Linux Forums | UNIX for Advanced & Expert Users

#1  07-23-2010  sureshcisco

Hello! Can anyone please assist:

Question:
On Linux Server I have created two users John and Matt. I want to give both the users the ability to run 'more' and 'tail -f' commands on the log file in the directory /var/log/test.log. I do not want to give them SU rights.

Can anyone please assist with how to set up sudoers?

Thanks in advance.

#2  07-23-2010  Jakob
/etc/sudoers

#3  07-23-2010  Ikon
What I would do is write a script that displays the log how you want it then add the following to sudoers.


Code:
Cmnd_Alias     MYSCRIPTS=/path/to/script/myscriptname, /path/to/another/script/myotherscript

john    ALL=(ALL) MYSCRIPTS
matt    ALL=(ALL) MYSCRIPTS

The users would have to use the following command then enter their password:


Code:
# sudo /path/to/script/myscriptname

Make sure the users DON'T have write access to the script or they can edit the script and put whatever they want in it.

#4  07-23-2010  sureshcisco
Thank you very much IKON. It works!!!

#5  07-25-2010  STOIE
Ikon, use a group my boy. hehehe

Standardization is king!

The only reason I actually think I should mention this is that, doing this at work nearly every day, if you continue to add users into the sudoers file then you may just mistype something and kill sudo sys-wide. Better to have groups you can simply add users to; again, you will still need to initially config sudoers, but adding more people down the track is easier.

And again, you are supposed to use visudo to get around /etc/sudoers corruption, but, as Jakob mentioned the file itself, manual editing should be as limited as possible.

#6  07-26-2010  sureshcisco
The above works great...but how can we restrict the users John and Matt to stop executing the scripts in other directories?

Or simply, I do not want them to access any directory (and the data in it) except the directory the script is saved in (for example, the script is saved in /tmp).

Thanks.

#7  07-26-2010  STOIE
Problem is you are allowing them to tail a file, this means they will be able to look at the contents of pretty much anything they want.

for instance:
sudo tail /root/.ssh/authorized_keys

Catch my drift???

I would say chgrp the files you want them to be able to tail, to a newly created group, toss the old group owner into that group and add matt and john to the new group.

This way they can only access the files that you chgrp to the new group.

This seems to be becoming more of a permissions question than a sudo question...
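
An added example, not part of the thread: a root-owned wrapper of the kind Ikon describes in post #3, with the log path fixed inside the script so the arbitrary-file concern from post #7 does not apply. The install path /usr/local/sbin/viewtestlog, the group logview and the mode names show and follow are assumptions; cat stands in for more because an interactive pager run as root can start other programs.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed install: /usr/local/sbin/viewtestlog,
# owner root:root, mode 0755, in a directory only root can write to.
#
# Assumed sudoers.d entry (group "logview" is hypothetical; check the file
# with `visudo -c -f <file>` before installing it):
#   Cmnd_Alias VIEWLOG = /usr/local/sbin/viewtestlog show, /usr/local/sbin/viewtestlog follow
#   %logview ALL = (root) VIEWLOG
# Listing the arguments in the rule makes sudo refuse any other argument;
# the script checks again so it stays safe if the rule is later loosened.

LOG=/var/log/test.log        # fixed here, never taken from the caller
PATH=/usr/bin:/bin           # do not resolve cat/tail through the caller's PATH
export PATH

# view_log MODE: run one fixed command on $LOG; return 2 on anything else.
view_log() {
    if [ "$#" -ne 1 ]; then
        echo "usage: viewtestlog show|follow" >&2
        return 2
    fi
    case "$1" in
        show)   cat "$LOG" ;;                 # non-interactive stand-in for more
        follow) tail -n 50 -f "$LOG" ;;       # ends when the user presses Ctrl-C
        *)      echo "usage: viewtestlog show|follow" >&2
                return 2 ;;
    esac
}

# Run only when installed under the assumed name, so sourcing has no effect.
case "${0##*/}" in
    viewtestlog) view_log "$@" ;;
esac
```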