Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: sudo user access
Operating Systems AIX sudo user access Post 302437632 by pludi on Thursday 15th of July 2010 03:39:39 PM
Old 07-15-2010
sudo is not tied to SSH in any way beyond strengthening the security of your system. Aside from that, it's possible to restrict the user to use only certain commands (and even to only allow certain options), but it can't restrict access to shell-builtins like cd. Blocking directories will have to be done using permissions and the OS specific ACLs.
 

10 More Discussions You Might Find Interesting

1. Solaris

secure access using sudo

I just need to know what should be done on a login user so that no one can access it except through sudo i.e. telnet server login: user NO ACCESS telnet server login: mylogin sudo - user <any command> ACCESS GRANTED thanks (0 Replies)
Discussion started by: melanie_pfefer
0 Replies

2. Linux

sudo access verification

Hi All, I got lots of request with sudo, a manager request, verbal command, do this and do that. The problem with this kind of request is when I added that script and that. It will not be perfect, it's because I can't verify the userid sudo access, I can't reset their password as well, I... (2 Replies)
Discussion started by: itik
2 Replies

3. Shell Programming and Scripting

ONLY SU Sudo access

Hello All, I want to create a script that will do ONLY su to any user on the server with hpadmin login using sudo. Can anyone let me know how can it do it. Regards Ankit (1 Reply)
Discussion started by: ajaincv
1 Replies

4. UNIX for Dummies Questions & Answers

sudo/root access

I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'. I tried and got a error message like "not allowed". After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well. Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies

5. AIX

how to remove sudo access from a user ?

Hello Folks, I need help on removing sudo access on one id but first of all, can i confirm that the user below is having sudo access ? if he did have sudo access, how to remove ? thanks alrsprd3:root-/etc> more sudoers | grep fzcx0l fzcx0l ALL=(ALL) ALL alrsprd3:root-/etc> (2 Replies)
Discussion started by: wingcross
2 Replies

6. UNIX for Advanced & Expert Users

Help needed in sudo access

I want to give root access to a user called denielr on server - tsprd01, but do not want to share root password. I have sudoers configured already. He should have all access equal to root. I made this entry in /etc/sudoers, but it is not working denielr tsprd01 =(root) NOPASSWD: ALL I tried to... (2 Replies)
Discussion started by: solaris_1977
2 Replies

7. Solaris

Sudo access in Solaris

Install the sudo pkg SFWsudo.tar bash#tar -xvf SFWsudo.tar bash#pkgadd -d . SFWsudo path may be /opt/sfw/bin Make entry the user name in sudoer file path of the sudoer file /opt/sfw/etc/sudoers check with the below command as a user (not as a root user) user1$... (1 Reply)
Discussion started by: Narendiran
1 Replies

8. Red Hat

Sudo access issue

Hi, I have given access to user mwadmin in shudders file as : mwadmin ALL:NOPASSWD:/www/* /usr/* /opt/* However, not able to execute below command: sudo mkdir -p /usr/test password for mwadmin: Sorry, user mwadmin is not allowed to execute '/bin/mkdir -p /usr/test' as root. ... (4 Replies)
Discussion started by: saurau
4 Replies

9. Shell Programming and Scripting

Using plink with sudo access

I have similar issue as mentioned in 167174-how-run-script-using-batch-file.html It works good, but the control is not coming back to source i tried adding exit to remote script. Thanks, Suresh (0 Replies)
Discussion started by: snsuresh
0 Replies

10. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT HPUX

getacl

getacl(1)						      General Commands Manual							 getacl(1)

NAME

       getacl - list access control lists (ACLs) for files (JFS File Systems only)

SYNOPSIS

       file...

DESCRIPTION

       For  each  argument that is a regular file, special file, or named pipe, displays the owner, group, and the Access Control List (ACL).  For
       each directory argument, displays the owner, group, and the ACL and/or the default ACL.	Only directories contain default ACLs.

       With the option specified, the filename, owner, group, and the ACL of the file will be displayed.  With the option specified, the filename,
       owner,  group,  and  the default ACL of the file, if it exists, will be displayed.  With options not specified, the filename, owner, group,
       and both the ACL, and the default ACL, if it exists, will be displayed.

       This command may be executed on a file system that does not support ACLs.  It will report the ACL consisting of only the owning user,  own-
       ing group, class and other entries, based on the permission bits.

       When multiple files are specified on the command line, a blank line will separate the ACL for each file.

   Options
       The command recognizes the following options:

	      Displays the filename, owner, group, and the ACL of the specified file.

	      Displays the the filename, owner, group, and the default
		     ACL of the file, if it exists.

   Operands
       The command recognizes the following operand:

	      file   The file or directory from which retrieves the access control information.

   ACL Format
       The format of an ACL is:

       The  first  three lines show the filename, the file owner, and the file owning group.  Note that when only the option is specified, and the
       file has no default ACL, only these three lines will be displayed.

       The entry without a user ID indicates the permissions that will be granted to the owner of the file.  One or more additional entries  indi-
       cate the permissions that will be granted to the specified users.  The entry without a group identifier indicates the permissions that will
       be granted to the owning group of the file.  One or more additional entries indicate the permissions that will be granted to the  specified
       groups.	The entry indicates the permissions that will be granted to others.

       The  entries  and may only exist for directories, and indicate the default user, group, and other entries that will be added to a file cre-
       ated within the directory.

       The uid is a login name, or a user ID if there is no entry for the uid in the system's password file; gid is a group name, or a group ID if
       there  is  no  entry  for the gid in the system's group file; and perm is a three character string composed of the letters representing the
       separate discretionary access rights: (read), (write), (execute/search), or the placeholder character The perm will  be	displayed  in  the
       following order: If a permission is not granted by an ACL entry, the placeholder character will appear.

       The  ACL entries will be displayed in the order in which they will be evaluated when an access check is performed.  The default ACL entries
       that may exist on a directory have no effect on access checks.

       The file owner permission bits represent the access that the owning user ACL entry has.	The file group class permission bits represent the
       most  access  that  any additional user entry, additional group entry, or the owning group entry may grant.  The file other permission bits
       represent the access that the other ACL entry has.  If a user invokes the command and changes the file group  class  permission	bits,  the
       access granted by the additional ACL entries may be restricted.

       In  order to indicate that the file group class permission bits restrict an ACL entry, will display, after each affected entry, text in the
       form , where perm will show only the permissions actually granted.

EXAMPLES

       Given file with an ACL six entries long, the command

       would print:

       Given file with an ACL six entries long, after the command was issued, the command

       would print:

       Given directory with an ACL containing default entries, the command

       would print:

       Given directory the command

       would print:

NOTICES

       The output from will be in the correct format for input to the command.	If the output from is redirected to a file, the file may  be  used
       as input to In this way, a user may easily assign one file's ACL to another file.

FILES

       for user IDs
       for group IDs

SEE ALSO

       chmod(1), ls(1), setacl(1).  acl(2), aclsort(3C).

																	 getacl(1)
All times are GMT -4. The time now is 08:09 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy