The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Top Forums > UNIX for Advanced & Expert Users
sudoers syntax sudoers syntax
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
sudoers tjmannonline UNIX for Dummies Questions & Answers 5 06-13-2009 04:12 AM
Sudoers problems. blane UNIX for Advanced & Expert Users 5 04-09-2008 05:18 PM
sudoers on HP 11.11 dhlopomo UNIX for Dummies Questions & Answers 2 01-18-2008 06:03 AM
sudoers file whatisthis Linux 4 12-02-2004 05:59 PM
/etc/sudoers is mode 0660 pneumeric UNIX for Dummies Questions & Answers 4 10-09-2003 01:14 AM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 04-27-2005
chuckuykendall chuckuykendall is offline
Registered User
  
 

Join Date: Apr 2005
Location: McKinney, TX
Posts: 11
sudoers syntax
I'm stuck with a dilemma. I am trying to control userid's access to the su command in such a way that he will not be able to su to root (su, su -, su root, su - root) but he will be able to su to any other user. I have tried the following syntax:

Code:
userid  ALL=/usr/bin/su ?*, !/usr/bin/su *root*
This catches "su", "su root", and "su - root", but not "su -". I've also tried the follow syntax:

Code:
Cmnd_Alias  SU_TO_ROOT = /usr/bin/su, /usr/bin/su -, /usr/bin/su *root*, /usr/bin/su - *root*
userid  ALL=ALL, !SU_TO_ROOT
This catches all four types of su'ing to root but it also catches all other su attempts, which I would like to leave open. Any suggestions?
  #2 (permalink)  
Old 11-11-2005
scottsl scottsl is offline
Registered User
  
 

Join Date: Nov 2005
Posts: 15
Group Access?
While I've never tried this with *root*, you could make another group called sutoroot and add this to roots list of groups. Then (at least on AIX) you can restrict by group which groups are authorized to su to this user.

Just one thought
  #3 (permalink)  
Old 04-28-2009
salam salam is offline
Registered User
  
 

Join Date: Apr 2009
Posts: 1
You can filter the dash flag with [!-]*

See below:

Code:
# on the alphas, john may su to anyone but root and flags are not allowed
john        ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
(more examples on http://www.gratisoft.us/sudo/sample.sudoers)
Closed Thread

Bookmarks

« how to find default file system | integer user names and user quotas! »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 05:46 PM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0