01-23-2007
HTML Code:
su kanth -c program
it asks password which i don't know but i have sudo permissions
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello Unix Champs,
For keeping audit trail, I want to log the commands entered by the normal users, on their terminal into a text file.
I tried putting a "script -a username.timestamp.txt" in the user profile file, but script command stops execution when user types exit or presses CTRL+D... (3 Replies)
Discussion started by: bhaven.haria
3 Replies
2. Solaris
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U... (3 Replies)
Discussion started by: naree
3 Replies
3. Solaris
Hi all
I want to know the commands executed a by particular user .. for the whole day on my machine.
I have checked out with the commad
$lastcomm <user>
It is throwing an error called: ..
/var/adm/pacct: No such file or directory
Can u help me in this regard..
Thank U
Naree (1 Reply)
Discussion started by: naree
1 Replies
4. Solaris
hi
i want to display the usernames,usergroups user permissions and user home directory's with in a single command.and possibities are their for getting this output .. (9 Replies)
Discussion started by: tv.praveenkumar
9 Replies
5. UNIX for Dummies Questions & Answers
i know about ls, I know.... but some of our shares have a long messy list of acls and it is a lot to sort through.. without a grep option, unless you have a really nice one, is there a simple way to say: show me <USER> acl permissions on <SHARE> ? (1 Reply)
Discussion started by: glev2005
1 Replies
6. AIX
Hi
Script not getting executed via cron but executes successfully when executed manually. Please assist
cbspsap01(appuser) /app/scripts > cat restart.sh
#!/bin/ksh
cd /app/bin
date >>logfile.out
echo "Restart has been started....." >>logfile.out
date >>logfile.out
initfnsw -y restart... (3 Replies)
Discussion started by: samsungsamsung
3 Replies
7. Shell Programming and Scripting
Hi, i'm using a Unix machine. I login as root. when i create new users using useradd -m <user_name> their home directories will be created in /home/ directory with default permissons of 750. i.e., drwxr-x---
how can i change these default permissions..??
which file to access and what changes i... (2 Replies)
Discussion started by: sandeepyes
2 Replies
8. Shell Programming and Scripting
Hi,
i have requirement to find logged in user based on process id. i have below scenario.
1. all my users will logon to unix box using ssh from windows system.
2. after successful logon they will sudo to common user. ex. sudo -su edadm
lot of users are executing jobs from edadm user and... (2 Replies)
Discussion started by: tmalik79
2 Replies
9. HP-UX
All team members has sudo access to user "batch55".
Need to track all the commands used by team members after sudo to "batch55".
Using HP-UX and ksh shell in our environment.
How can i acheive this?
Thanks In Advance. (2 Replies)
Discussion started by: venkatababu
2 Replies
10. UNIX for Beginners Questions & Answers
Hi Team,
Please help me with the below question.
SunOS 5.10
Shell: -bash
I am trying to find the original user who executed a command on my development server.
In my dev server users login using their personal id and sudo to a common id using 'sudo -u commonid -i'. Once logged in as... (6 Replies)
Discussion started by: sam99
6 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)