Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: sudo question
Special Forums Cybersecurity sudo question Post 302198958 by melias on Sunday 25th of May 2008 09:17:42 AM
Old 05-25-2008
Thank you Era, I suspected the prohibit unless permitted policy was going to be my only option. I was hoping that someone had worked some magic so that I didn't need to go down that path since, in my environment, the number of permitted commands far outweighs the number of restricted commands. As they say, the easy way is seldom the right way.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sudo question

how do i go about adding a file to sudo so a user name oracle can run the file??? for some reason my man pages dont have anything for sudo. files sudoers exist in /etc can anyone help this is urgent thank you (1 Reply)
Discussion started by: TRUEST
1 Replies

2. UNIX for Advanced & Expert Users

SUDO question - please help

Hi, I was wondering if someone can give me some pointers about configuring SUDO. I am trying to configure SUDO to have about 30 users run about 200 scripts as a different user. I understand that I can create an User_Alias but how do I give that User_Alias rights to run all the scripts in a certain... (5 Replies)
Discussion started by: sajjad02
5 Replies

3. UNIX for Dummies Questions & Answers

Sudo question

Folks; I have a sudo question: - I have a real user named "greg" and another generic user named "devuser" & application that must be run like start/stop as "devuser" user. Is there a way to: Have user Greg login into the Solaris 10 box as himself then sudo as "devuser" to be able to... (10 Replies)
Discussion started by: Katkota
10 Replies

4. Linux

Sudo question

Hello, I would like to know what should I put on the sudoers file to block a determined group os using just one specific command as root? He can do anything, but not execute program X, how can I do this? Thank you very much. (2 Replies)
Discussion started by: Zarnick
2 Replies

5. Ubuntu

sudo question.

Hello all, Anyone fimilar with su -l command? So when I do su -l <user> any user it doesn't prompt me for password for that user. How I enable sudo to prompt for password whenever su -l command is used. Please help! thanks, -Lalit :D (7 Replies)
Discussion started by: email-lalit
7 Replies

6. UNIX for Dummies Questions & Answers

Sudo question

Folks; I have SUDO configured on my SUSE boxes to allow a specific groups to run specific duties so one group has ALL permission & other group has permission to run a few commands only. when i look at the sudoer log, i see people login info only, Is there a way to capture every thing users do... (3 Replies)
Discussion started by: Katkota
3 Replies

7. UNIX for Dummies Questions & Answers

Question about sudo

Hello all, I have a script (script.sh) that is owned and executed by root. Now I need to give another user (user1) sudo access to execute that script. I edited the /etc/sudoers file, and created the following: # Runas alias specification Runas_Alias RO = root user1 ALL=(RO)... (1 Reply)
Discussion started by: designbc
1 Replies

8. UNIX for Advanced & Expert Users

Sudo question

Hi All I want to grant elevated privs to a user that will be running a script as a background task. It will be launched from an ssh session via an embedded command in its key that just allows that account to run that script. I'm reading up on sudo and notice that - user ALL=(ALL) ALL ... (2 Replies)
Discussion started by: steadyonabix
2 Replies

9. AIX

Sudo question

I am running AIX 6.6.5.115 and am experiencing a problem using sudo. I have shell scripts that I created for our HR user and shell scripts that I created for root administrators. I do have a need to embed a sudo command in the user shell script to run one command as root. However the two... (8 Replies)
Discussion started by: RonDeF
8 Replies

LEARN ABOUT DEBIAN

aa-easyprof

AA-EASYPROF(8)							     AppArmor							    AA-EASYPROF(8)

NAME

       aa-easyprof - AppArmor profile generation made easy.

SYNOPSIS

       aa-easyprof [option] <path to binary>

DESCRIPTION

       aa-easyprof provides an easy to use interface for AppArmor policy generation. aa-easyprof supports the use of templates and policy groups
       to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the
       quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating
       policy by hand or with aa-genprof and aa-logprof.

OPTIONS

       aa-easyprof accepts the following arguments:

       -t TEMPLATE, --template=TEMPLATE
	   Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the
	   template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default.

       -p POLICYGROUPS, --policy-groups=POLICYGROUPS
	   Specify POLICY as a comma-separated list of policy groups. See --list-templates for supported policy groups. The available policy
	   groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar
	   to AppArmor abstractions, but usually encompass more policy rules.

       -a ABSTRACTIONS, --abstractions=ABSTRACTIONS
	   Specify ABSTRACTIONS as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but
	   this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions.  See apparmor.d(5) for details.

       -r PATH, --read-path=PATH
	   Specify a PATH to allow owner reads. May be specified multiple times. If the PATH ends in a '/', then PATH is treated as a directory
	   and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the PATH to only allow reads to files
	   directly in PATH.

       -w PATH, --write-dir=PATH
	   Like --read-path but also allow owner writes in additions to reads.

       -n NAME, --name=NAME
	   Specify NAME of policy. If not specified, NAME is set to the name of the binary. The NAME of the policy is often used as part of the
	   path in the various templates.

       --template-var="@{VAR}=VALUE"
	   Set VAR to VALUE in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified
	   multiple times.

       --list-templates
	   List available templates.

       --show-template=TEMPLATE
	   Display template specified with --template.

       --templates-dir=PATH
	   Use PATH instead of system templates directory.

       --list-policy-groups
	   List available policy groups.

       --show-policy-group
	   Display policy groups specified with --policy.

       --policy-groups-dir=PATH
	   Use PATH instead of system policy-groups directory.

       --author
	   Specify author of the policy.

       --copyright
	   Specify copyright of the policy.

       --comment
	   Specify comment for the policy.

EXAMPLE

       Example usage for a program named 'foo' which is installed in /opt/foo:

	   $ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" --policy-groups=opt-application,user-application
	   /opt/foo/bin/FooApp

BUGS

       If you find any additional bugs, please report them to Launchpad at <https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO

       apparmor(7) apparmor.d(5)

AppArmor 2.7.103						    2012-07-16							    AA-EASYPROF(8)
All times are GMT -4. The time now is 01:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy