Sudoer Help.... Post: 302322979

Sponsored Content

Top Forums UNIX for Advanced & Expert Users Sudoer Help.... Post 302322979 by jitendriya.dash on Friday 5th of June 2009 03:39:21 AM

06-05-2009

Registered User

Sudoer Help....

Hi,

When i use command "sudo -l" under my user, it gives me the following list.

(root) NOPASSWD: /bin/chgrp
(root) NOPASSWD: /bin/chmod
(root) NOPASSWD: /bin/chown
(root) NOPASSWD: /bin/mkdir
(root) NOPASSWD: /bin/su - hubsup
(root) NOPASSWD: /bin/su hubsup
(root) NOPASSWD: /bin/vi *.conf
(root) NOPASSWD: /bin/vi *.xml
(root) NOPASSWD: /usr/bin/find
(root) NOPASSWD: /usr/bin/passwd

(hubsup) NOPASSWD: ALL

Actually I am a bit confused for "/bin/su" command access.

For the lines with "/bin/su" , what does this mean exactly ? Does this mean that, I can do "\sudo su - hubsup" OR "\sudo su -l - hubsup" i.e. switching to hubsup user , which won't ask me for any password.

Actually, I tried with "\sudo su - hubsup" OR "\sudo su -l - hubsup" , from my user account, but, I was not able to switch to "hubsup" user.

with command, "\sudo /bin/su - hubsup" , i am getting blank output on the screen. Pressing enter key, is showing "WinSCP: this is end-of-file:0
" again and again. Then, I need to press ctrl+C to come out of the execution.

Can you please help me, in understanding, what is the meaning of "(root) NOPASSWD: /bin/su - hubsup" and how I can make use of "su" command, from my user-account here. (to switch to "hubsup" user)

Please help.

Thanks and Regards,

Jitendriya Dash.

jitendriya.dash

View Public Profile for jitendriya.dash

Find all posts by jitendriya.dash

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Root privileges &Sudoer

Hi guys... how can a root assign a user all or most of the root privileges? is sudoer comand enough 4 this? thx alot..

2. UNIX for Advanced & Expert Users

Another SUDOER Question...

I have my sudoers file setup to provide execution of specific directories (/a/s, /a/x, /a/d, /a/e, etc.....) I tried to list just /a/ meaning anything under /a can be executed by specific ids. However, this didn't work. Is there a way to provide rights to an entire directory structure within a...

3. UNIX for Advanced & Expert Users

Use of sudoer with ssh login shell script (KSH)

Greetings all, I'm in the midst of writing a login component for a series of shell scripts. What my login script does is this: 1. Prompt for username and read in username 2. Prompt for destination host and read in destination host 3. run ssh username and destination host 4. After user keys...

4. UNIX for Advanced & Expert Users

Sudoer file - controlling parameters

Greetings all, I'm interested in knowing more about setting up the sudoers file... hope to receive some advice here. Let's say that I have 3 users, with usernames user1, user2 and user3. The following rules would apply for each user: user1 can only use the command ksh a.sh to launch...

5. Linux

Syntax error in one line in sudoer file cause total failure

I have notice that when I create a sudoer file in the sudoer.d directory, then if I have a syntax error, I cannot do sudo at all, in all accounts. Why can't they change the mechanism, so it will ignore syntax error line and will only display error message but won't cause total failure and...

LEARN ABOUT DEBIAN

0store-secure-add

0STORE-SECURE-ADD(1)													      0STORE-SECURE-ADD(1)

NAME

       0store-secure-add -- add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This  command  imports  the  current  directory	into  the  system-wide	shared	Zero Install cache, as /var/cache/0install.net/implementa-
       tions/DIGEST.  This allows a program downloaded by one user to be shared with other users.

       The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
       file  must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
       matches its contents.

       It is intended that it be safe to grant untrusted users permission to call this command with elevated  privileges.  To  set  this  up,  see
       below.

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script automatically.

FILES

       /var/cache/0install.net/implementations
	      System-wide Zero Install cache.

LICENSE

       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU Lesser General Public License.

BUGS

       This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.

       If  sudo  let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net

Thomas Leonard							       2010						      0STORE-SECURE-ADD(1)