I am more used to Solaris where I would use the ldd command to check that all the libraries are present and correct, the FAQ at: 2.27: Where can I find ldd for AIX?
says where ldd for AIX is available.
To use ldd(1) you would cd to where sudo lives and then run:
Code:
$ ldd ./sudo
This checks all the libraries are present, then run:
Code:
$ ldd -r ./sudo
This will check all the symbols are present, this will show you which libraries you require more up to date versions of.
To make a more up to date library files available to only sudo you can cheat and write a wrapper script that puts the directory where you have put the more up to date libraries first (not one of the normal library directories) in the LD_LIBRARY_PATH and then call sudo $@. This is a kludge in some folks opinions but it works!
Does anyone know if this is possible?
I want to give some users access to root's crontab but only with a read privilege.
Is this possible to do or can only root or people with full root sudo view root's cron? (4 Replies)
HI All,
I am using solaris
i created a user adam and updated his permissions
in vi sudoers file as follows
adam ALL=(ALL) NOPASSWORD: ALL
...........
when i create user by logging as sudo user .
$ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan
sudo: not found
... (6 Replies)
sudo dd if=/dev/sdb1 of="disk-image"
can anyone explain roughly to me is it this code do some recovery from /dev/sdb then output it to "disk-image" ? But then how can i access the "disk-image"? it cannot be read , and it told me its a binary file... (2 Replies)
I am a UNIX user but not an admin. I am asking our admins to create a "sudo" command to allow shutting down our AIX workstations gracefully (without just pulling the plug).
Is there a way to prevent the user from executing "shutdown" on another workstation or server on the network? (2 Replies)
Hi Experts
Do I need to have "Sudo" privileges or user for file movement for file movement from one remote server to another
or from local to remote server?:wall: (6 Replies)
Hi All,
i am trying to ssh to a remote machine and execute certain command to remote machine through script.
i am able to ssh but after its getting hung at the promt and after pressing ctrl +d i am gettin the out put as
expect: spawn id exp5 not open
while executing
"expect "$" {... (3 Replies)
I've found this script part on the stackoverflow:
if ; then
sudo bash "$0" "$@";
exit "$?";
fi
I realized that sudo bash "$0" "$@"; is the only needed for me.
But the strange thing happens when I move this line outside the IF statement:
sudo bash "$0" "$@"; stops the... (9 Replies)
Hey Guys,
I have literally shot my myself in the head...
I tried to use "sudo rm -rf /*" in Terminal (OSX); Unfortunately, I forgot cd Desktop.
After I realized it, I was like :eek:
After that i tried exit; but rm was a background command, so this did not work either...
I came to late for... (5 Replies)
Hello,
I have configured new LDAP and new LDAP clients. When I do "sudo su -", it shows me lot of information, which is not required on screen. I am not sure, if any debug mode is enabled or from where it can be turned off. Please suggest, if it is know for you.
-bash-3.2$ sudo su -
sudo:... (8 Replies)
Discussion started by: solaris_1977
8 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)