05-25-2008
Thank you Era, I suspected the prohibit unless permitted policy was going to be my only option. I was hoping that someone had worked some magic so that I didn't need to go down that path since, in my environment, the number of permitted commands far outweighs the number of restricted commands. As they say, the easy way is seldom the right way.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
how do i go about adding a file to sudo so a user name oracle can run the file???
for some reason my man pages dont have anything for sudo.
files sudoers exist in /etc
can anyone help this is urgent
thank you (1 Reply)
Discussion started by: TRUEST
1 Replies
2. UNIX for Advanced & Expert Users
Hi, I was wondering if someone can give me some pointers about configuring SUDO. I am trying to configure SUDO to have about 30 users run about 200 scripts as a different user. I understand that I can create an User_Alias but how do I give that User_Alias rights to run all the scripts in a certain... (5 Replies)
Discussion started by: sajjad02
5 Replies
3. UNIX for Dummies Questions & Answers
Folks;
I have a sudo question:
- I have a real user named "greg" and another generic user named "devuser" & application that must be run like start/stop as "devuser" user.
Is there a way to:
Have user Greg login into the Solaris 10 box as himself then sudo as "devuser" to be able to... (10 Replies)
Discussion started by: Katkota
10 Replies
4. Linux
Hello, I would like to know what should I put on the sudoers file to block a determined group os using just one specific command as root?
He can do anything, but not execute program X, how can I do this?
Thank you very much. (2 Replies)
Discussion started by: Zarnick
2 Replies
5. Ubuntu
Hello all,
Anyone fimilar with su -l command?
So when I do su -l <user> any user it doesn't prompt me for password for that user. How I enable sudo to prompt for password whenever su -l command is used.
Please help!
thanks,
-Lalit
:D (7 Replies)
Discussion started by: email-lalit
7 Replies
6. UNIX for Dummies Questions & Answers
Folks;
I have SUDO configured on my SUSE boxes to allow a specific groups to run specific duties so one group has ALL permission & other group has permission to run a few commands only.
when i look at the sudoer log, i see people login info only,
Is there a way to capture every thing users do... (3 Replies)
Discussion started by: Katkota
3 Replies
7. UNIX for Dummies Questions & Answers
Hello all,
I have a script (script.sh) that is owned and executed by root. Now I need to give another user (user1) sudo access to execute that script.
I edited the /etc/sudoers file, and created the following:
# Runas alias specification
Runas_Alias RO = root
user1 ALL=(RO)... (1 Reply)
Discussion started by: designbc
1 Replies
8. UNIX for Advanced & Expert Users
Hi All
I want to grant elevated privs to a user that will be running a script as a background task. It will be launched from an ssh session via an embedded command in its key that just allows that account to run that script.
I'm reading up on sudo and notice that -
user ALL=(ALL) ALL
... (2 Replies)
Discussion started by: steadyonabix
2 Replies
9. AIX
I am running AIX 6.6.5.115 and am experiencing a problem using sudo. I have shell scripts that I created for our HR user and shell scripts that I created for root administrators. I do have a need to embed a sudo command in the user shell script to run one command as root. However the two... (8 Replies)
Discussion started by: RonDeF
8 Replies
LEARN ABOUT DEBIAN
aa-easyprof
AA-EASYPROF(8) AppArmor AA-EASYPROF(8)
NAME
aa-easyprof - AppArmor profile generation made easy.
SYNOPSIS
aa-easyprof [option] <path to binary>
DESCRIPTION
aa-easyprof provides an easy to use interface for AppArmor policy generation. aa-easyprof supports the use of templates and policy groups
to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the
quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating
policy by hand or with aa-genprof and aa-logprof.
OPTIONS
aa-easyprof accepts the following arguments:
-t TEMPLATE, --template=TEMPLATE
Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the
template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default.
-p POLICYGROUPS, --policy-groups=POLICYGROUPS
Specify POLICY as a comma-separated list of policy groups. See --list-templates for supported policy groups. The available policy
groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar
to AppArmor abstractions, but usually encompass more policy rules.
-a ABSTRACTIONS, --abstractions=ABSTRACTIONS
Specify ABSTRACTIONS as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but
this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions. See apparmor.d(5) for details.
-r PATH, --read-path=PATH
Specify a PATH to allow owner reads. May be specified multiple times. If the PATH ends in a '/', then PATH is treated as a directory
and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the PATH to only allow reads to files
directly in PATH.
-w PATH, --write-dir=PATH
Like --read-path but also allow owner writes in additions to reads.
-n NAME, --name=NAME
Specify NAME of policy. If not specified, NAME is set to the name of the binary. The NAME of the policy is often used as part of the
path in the various templates.
--template-var="@{VAR}=VALUE"
Set VAR to VALUE in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified
multiple times.
--list-templates
List available templates.
--show-template=TEMPLATE
Display template specified with --template.
--templates-dir=PATH
Use PATH instead of system templates directory.
--list-policy-groups
List available policy groups.
--show-policy-group
Display policy groups specified with --policy.
--policy-groups-dir=PATH
Use PATH instead of system policy-groups directory.
--author
Specify author of the policy.
--copyright
Specify copyright of the policy.
--comment
Specify comment for the policy.
EXAMPLE
Example usage for a program named 'foo' which is installed in /opt/foo:
$ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" --policy-groups=opt-application,user-application
/opt/foo/bin/FooApp
BUGS
If you find any additional bugs, please report them to Launchpad at <https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO
apparmor(7) apparmor.d(5)
AppArmor 2.7.103 2012-07-16 AA-EASYPROF(8)