01-16-2007
Download sudo from sunfreeware.com - that is the best tool for this IMHO. You could probably do a similar thing with RBAC, but sudo would be easier for this.
Cheers
ZB
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi All,
How can i give permission for a specific user ( eg. admin ) ?
I tried with chmod admin+r prog.sh
which doesnt work.
Is there any way i can specify a user's name and give the permission?
Thanks in advance.
Saneesh Joseph. (1 Reply)
Discussion started by: saneeshjose
1 Replies
2. Shell Programming and Scripting
I have some of programs in unix system which are to started with one_user say "xxxx".
I have sudo permission if i start these programs with sudo it shows root permission. But i want these programs permession should be "xxxx".
I tried "su user_name -c Program_name"
but it is not... (3 Replies)
Discussion started by: srikanthus2002
3 Replies
3. UNIX for Dummies Questions & Answers
Hi all,
I created testuser. by following command.
/usr/sbin/adduser -n test -d /disk05/collections/GET/testdata/
and then set its password by following command.
passwd testuser
When I login to system by testuser, it enters everything is ok.
The problem is how to set permission to this... (3 Replies)
Discussion started by: mr_bold
3 Replies
4. AIX
Is there any possible way to give permission to a user to a file whose not a member of that group. Also the permission of the file shouls be given only to that USER but not all OTHERS.
Thanks in Advance for ur replies/suggestions... (5 Replies)
Discussion started by: ksailesh
5 Replies
5. UNIX for Dummies Questions & Answers
I have problem giving user access to his public_html directory.
While when I am logged as root I can access my files by going to
www.myserver.com/file.htmlwhere file.html is actually on this path...
var/www/file.htmlBut when user tries to access his file.html on this path....
~user/file.html it... (10 Replies)
Discussion started by: joker40
10 Replies
6. Solaris
hi guys..
how to give root permission for particular user
tel me step by step (2 Replies)
Discussion started by: coolboys
2 Replies
7. Shell Programming and Scripting
I have a script that do read data for Munin Graph.
My problem is that it have some reading problems, and I do not know how to fix it.
script traf.sh (its not the complete script)#!/bin/sh
PORT="80"
NETDEVICE="eth0"
IPTRAFlogdir="/var/log/iptraf"
... (8 Replies)
Discussion started by: Jotne
8 Replies
8. UNIX for Dummies Questions & Answers
Hi,
I'm newbie to unix.
There is a directory, say Testing/ under /home/user1.
I have created a user by the name check.
I was looking for a way to give the above user read & execute access only to this directory Testing/ while for other remaining files,directories,etc this user... (2 Replies)
Discussion started by: penqueen
2 Replies
9. Red Hat
Hi folks,
I am trying to grant the access like below items using the setfacl command, but i couldn't achieve as what I required. any other possibility.
username : testing
Readonly access in /form_dl/system/prd/logs
Write only access in /form_dl/system/prd/deploy
No access to other... (0 Replies)
Discussion started by: gsiva
0 Replies
10. UNIX for Beginners Questions & Answers
Hi All,
We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.
-r--r--r-- 1 amgr u00 15661716 Aug 30 00:06 DCI.dat
So here amgr will have permission to edit the file. We want a... (10 Replies)
Discussion started by: arunkumar_mca
10 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)