06-05-2009
Sudoer Help....
Hi,
When i use command "sudo -l" under my user, it gives me the following list.
(root) NOPASSWD: /bin/chgrp
(root) NOPASSWD: /bin/chmod
(root) NOPASSWD: /bin/chown
(root) NOPASSWD: /bin/mkdir
(root) NOPASSWD: /bin/su - hubsup
(root) NOPASSWD: /bin/su hubsup
(root) NOPASSWD: /bin/vi *.conf
(root) NOPASSWD: /bin/vi *.xml
(root) NOPASSWD: /usr/bin/find
(root) NOPASSWD: /usr/bin/passwd
(hubsup) NOPASSWD: ALL
Actually I am a bit confused for "/bin/su" command access.
For the lines with "/bin/su" , what does this mean exactly ? Does this mean that, I can do "\sudo su - hubsup" OR "\sudo su -l - hubsup" i.e. switching to hubsup user , which won't ask me for any password.
Actually, I tried with "\sudo su - hubsup" OR "\sudo su -l - hubsup" , from my user account, but, I was not able to switch to "hubsup" user.
with command, "\sudo /bin/su - hubsup" , i am getting blank output on the screen. Pressing enter key, is showing "WinSCP: this is end-of-file:0
" again and again. Then, I need to press ctrl+C to come out of the execution.
Can you please help me, in understanding, what is the meaning of "(root) NOPASSWD: /bin/su - hubsup" and how I can make use of "su" command, from my user-account here. (to switch to "hubsup" user)
Please help.
Thanks and Regards,
Jitendriya Dash.
5 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi guys...
how can a root assign a user all or most of the root privileges?
is sudoer comand enough 4 this?
thx alot.. (2 Replies)
Discussion started by: blue_7
2 Replies
2. UNIX for Advanced & Expert Users
I have my sudoers file setup to provide execution of specific directories (/a/s, /a/x, /a/d, /a/e, etc.....) I tried to list just /a/ meaning anything under /a can be executed by specific ids. However, this didn't work. Is there a way to provide rights to an entire directory structure within a... (0 Replies)
Discussion started by: scottsl
0 Replies
3. UNIX for Advanced & Expert Users
Greetings all,
I'm in the midst of writing a login component for a series of shell scripts. What my login script does is this:
1. Prompt for username and read in username
2. Prompt for destination host and read in destination host
3. run ssh username and destination host
4. After user keys... (0 Replies)
Discussion started by: rockysfr
0 Replies
4. UNIX for Advanced & Expert Users
Greetings all,
I'm interested in knowing more about setting up the sudoers file... hope to receive some advice here.
Let's say that I have 3 users, with usernames user1, user2 and user3. The following rules would apply for each user:
user1 can only use the command ksh a.sh to launch... (1 Reply)
Discussion started by: rockysfr
1 Replies
5. Linux
I have notice that when I create a sudoer file in the sudoer.d directory, then if I have a syntax error, I cannot do sudo at all, in all accounts.
Why can't they change the mechanism, so it will ignore syntax error line and will only display error message but won't cause total failure and... (7 Replies)
Discussion started by: programAngel
7 Replies
LEARN ABOUT DEBIAN
0store-secure-add
0STORE-SECURE-ADD(1) 0STORE-SECURE-ADD(1)
NAME
0store-secure-add -- add an implementation to the system cache
SYNOPSIS
0store-secure-add DIGEST
DESCRIPTION
This command imports the current directory into the system-wide shared Zero Install cache, as /var/cache/0install.net/implementa-
tions/DIGEST. This allows a program downloaded by one user to be shared with other users.
The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
file must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
matches its contents.
It is intended that it be safe to grant untrusted users permission to call this command with elevated privileges. To set this up, see
below.
SETTING UP SHARING
To enable sharing, the system administrator should follow these steps:
Create a new system user to own the cache:
adduser --system zeroinst
Create the shared directory, owned by this new user:
mkdir /var/cache/0install.net
chown zeroinst /var/cache/0install.net
Use visudo(8) to add these lines to /etc/sudoers:
Defaults>zeroinst env_reset,always_set_home
ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add
Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:
#!/bin/sh
exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null
The other Zero Install programs will call this helper script automatically.
FILES
/var/cache/0install.net/implementations
System-wide Zero Install cache.
LICENSE
Copyright (C) 2009 Thomas Leonard.
You may redistribute copies of this program under the terms of the GNU Lesser General Public License.
BUGS
This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.
The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.
If sudo let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.
Please report bugs to the developer mailing list:
http://0install.net/support.html
AUTHOR
Zero Install was created by Thomas Leonard.
SEE ALSO
0store(1)
The Zero Install web-site:
http://0install.net
Thomas Leonard 2010 0STORE-SECURE-ADD(1)