03-19-2008
Possible to give sudo access to subdirectories?
Say I want to give someone access to /example/directory/* where * equals all the sub directories inside of /example/directory
I tried doing something like
joe DEV1=(ROOT) /example/directory/
But that doesn't seem to want to work. If I give him the full subdirectory path, like..
joe DEV1=(ROOT) /example/directory/something/apache/
He can run everything but I'd like to make it a little broader than that.
Is this possible with sudo?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello,
I'm trying to figure out how to prevent this find command from accessing this diretories's subdirectories!
I tried the maxdepth and prune but they don't seem to work on SUN. So now i'm trying to set up a nawk command to not process any files that have "REVISED" in there name:
find... (3 Replies)
Discussion started by: bobk544
3 Replies
2. UNIX for Dummies Questions & Answers
I am new to UNIX administration. I have 10 years of Windows admin experience. I need to know how to give java developers the access they need to install and maintain the applications they are writing. In the Windows world I would make them a local admin on a test server but give them limited... (4 Replies)
Discussion started by: gsander
4 Replies
3. UNIX for Advanced & Expert Users
Hi all,
How can i give ftp access to single user on solaris9 system? others should not have the ftp access. i know about ftpusers file in /etc/ftpd but still what about if so many new users are created daily?
And now for that single user how can we restict him to ftp the files only from... (2 Replies)
Discussion started by: santhoshkumar_d
2 Replies
4. UNIX for Dummies Questions & Answers
Does anyone know if this is possible?
I want to give some users access to root's crontab but only with a read privilege.
Is this possible to do or can only root or people with full root sudo view root's cron? (4 Replies)
Discussion started by: LordJezoX
4 Replies
5. SCO
Hello,
I have recently taken over administration of a Sco Unixware server (Version 7.1.4), but have no previous experience with Unix.
I now have the following problem: Most computers on the network are unable to Telnet to the Unix server but some PCs with privileged users can, which is... (7 Replies)
Discussion started by: nicke75
7 Replies
6. Shell Programming and Scripting
Hello All,
I want to create a script that will do ONLY su to any user on the server with hpadmin login using sudo. Can anyone let me know how can it do it.
Regards
Ankit (1 Reply)
Discussion started by: ajaincv
1 Replies
7. Solaris
Hi all,
In Solaris , What entry should I add in my .profile file in home directory so that every time I don't have to give
Sudo's full path like
/usr/local/bin/sudo as well as /usr/sbin/ping
and it will be Great help if you could tell me how to know what should be added.
Please Advice.... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
8. Solaris
Hi,
I am using solaris 10. Requirement is I need to give sudo access to the normal id's to the application userid.
Example:I have an personal id calle "rzynv5" on the solaris server.I have an application id called "gmdidp".Requirement here is when user logged in as rzynv5 next thing he... (4 Replies)
Discussion started by: muraliinfy04
4 Replies
9. Shell Programming and Scripting
Can some one please let me know a script which gives the user sudo permissions?
Thanks in advance.... (6 Replies)
Discussion started by: Revanth547
6 Replies
10. Shell Programming and Scripting
Hi Expert,
I have a .sh script in my home/new_dir/script.sh
This script creates number of output files at home/new_dir/email, home/new_dir/logs dir.
I am running this script using crontab (owner root).
Now this output files are getting created with
rw-r----- 1 root root
So if i... (2 Replies)
Discussion started by: Jeet1982
2 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)