05-04-2010
The only way to prevent someone from calling sudo directly is to either remove their permissions or remove the file. Unless you want to have a new compiled executable written for your requirement, your best bet is to simply obscure the sudo function and use a script to call it if a user has entered a reason. You can have a script be executable and not readable.
Thegeek's suggestion to intercept the sudo call is a good one, although I'm not sure an alias will provide the consistency you want since users can simply redefine an alias. You can create a soft link (ln -s source/file destination/sudo) to your script and place the soft link in a location that is earlier in the search path than the sudo app.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I've written a shell script to alter a particular preference file on OS X (10.3.9), which works fine (tested by running the script from the terminal sat in front of the box).
Problem is, I now have to run this script remotely across a number of machines via remote desktop, so where I've used the... (1 Reply)
Discussion started by: Brad_GNET
1 Replies
2. Shell Programming and Scripting
Hi I need to add a comment line at the begining of a text file. The scenario is given below.
1. The number of servers that needs to be updated is around 80
2. The location of the text file in all the servers are the same including the file name.
3. The comment has to be added at the very... (2 Replies)
Discussion started by: orakhan
2 Replies
3. Shell Programming and Scripting
Hello folks
Hope all are fine, I have query need suggestion, if these lines two lines are already commeted no need to do anything, one more thing order of alpha, gama may be different.
I have a two lines in a file data.txt
%checksum
alpha gama beta penta hexa
I want to do... (8 Replies)
Discussion started by: learnbash
8 Replies
4. Shell Programming and Scripting
I need to create an automated script where I have to use sudo to switch to multiple user so the script stops and prompts for password, Is there a way I can provide the password in same command only?
Remember that, I cannot disable the password settings of sudo as I dont have rights. (4 Replies)
Discussion started by: gauravgrover50
4 Replies
5. OS X (Apple)
I'm making a script that will be a double clickable .command file and I need it to prompt for the users admin password.
So far I have:
if ]; then
sudo -p "Please enter your admin password: " date 2>/dev/null 1>&2
if ; then
echo "You entered an invalid password... (2 Replies)
Discussion started by: PatGmac
2 Replies
6. UNIX for Dummies Questions & Answers
test compare shown]
Replace this text with #test compare shown] (1 Reply)
Discussion started by: manoj.b
1 Replies
7. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
8. UNIX for Dummies Questions & Answers
hi,
i have a requirement where i need to sudo to another user in the shell script.suppose consider user A and B, first user A calls a shell script and then i need to sudo to user B which executes another shell script inside the earlier one.
also this needs to be automated like while sudo'ing to... (3 Replies)
Discussion started by: krk
3 Replies
9. Red Hat
I am not sure what I am missing here. I have the following identical entry in /etc/sudoers on multiple Red Hat 6.4 servers.
icinga ALL=NOPASSWD:/usr/bin/yum --security --exclude\="kernel*" check-update
On one server when I enter the command over SSH as follows it works fine.
ssh -t -q... (1 Reply)
Discussion started by: scotbuff
1 Replies
10. AIX
in the /etc/sudoer file this line was added:
wtolentino ALL=(ORACLE) NOPASSWD: /bin/chmod
when i tried to run this command
sudo -u oracle /bin/chmod 775 /appshared/applications/lpa/executables/chrpt001.rep
it prompts me for a password
for example:
$ pwd
/appshared/applications/lpa... (2 Replies)
Discussion started by: wtolentino
2 Replies
MTAIL(1) User Commands MTAIL(1)
NAME
mtail - tail variant designed for web developers monitoring logfiles
SYNOPSIS
mtail [options] <file>...
DESCRIPTION
MonkeyTail allows a user to tail multiple files on both local and remote hosts and clearly marks inactivity by putting 5 newlines in the
output whenever a pause in output over 3 seconds is detected.
MonkeyTail is implemented a fairly simple wrapper script around standard tail, ssh, and sudo.
OPTIONS
-q Quiet mode
--quiet
" "
-n Output the last N lines of each file before tailing (defaults to 0)
<file>...
Files to tail.
These can specified in the following ways:
@<groupname>
- expands the group (from .mtailrc) to a list of
files to tail
<filename>
- tails a local file.
+<filename> - attempts to sudo and tail a local file (will
prompt for pwd if required).
<remotehost>:<filename>
- attempts to invoke tail via ssh on a remote
host.
+<remotehost>:<filename> - attempts to invoke sudo tail via ssh on a
remote host (will prompt for pwd if required).
SEE ALSO
mtailrc(5), tail(1)
AUTHOR
Martyn Smith <martyn@dollyfish.net.nz>
mtail May 2008 MTAIL(1)