07-15-2010
sudo is not tied to SSH in any way beyond strengthening the security of your system. Aside from that, it's possible to restrict the user to use only certain commands (and even to only allow certain options), but it can't restrict access to shell-builtins like cd. Blocking directories will have to be done using permissions and the OS specific ACLs.
10 More Discussions You Might Find Interesting
1. Solaris
I just need to know what should be done on a login user so that no one can access it except through sudo
i.e.
telnet server
login: user
NO ACCESS
telnet server
login: mylogin
sudo - user <any command>
ACCESS GRANTED
thanks (0 Replies)
Discussion started by: melanie_pfefer
0 Replies
2. Linux
Hi All,
I got lots of request with sudo, a manager request, verbal command, do this and do that.
The problem with this kind of request is when I added that script and that. It will not be perfect, it's because I can't verify the userid sudo access, I can't reset their password as well, I... (2 Replies)
Discussion started by: itik
2 Replies
3. Shell Programming and Scripting
Hello All,
I want to create a script that will do ONLY su to any user on the server with hpadmin login using sudo. Can anyone let me know how can it do it.
Regards
Ankit (1 Reply)
Discussion started by: ajaincv
1 Replies
4. UNIX for Dummies Questions & Answers
I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'.
I tried and got a error message like "not allowed".
After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well.
Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies
5. AIX
Hello Folks,
I need help on removing sudo access on one id but first of all, can i confirm that the user below is having sudo access ?
if he did have sudo access, how to remove ?
thanks
alrsprd3:root-/etc> more sudoers | grep fzcx0l
fzcx0l ALL=(ALL) ALL
alrsprd3:root-/etc> (2 Replies)
Discussion started by: wingcross
2 Replies
6. UNIX for Advanced & Expert Users
I want to give root access to a user called denielr on server - tsprd01, but do not want to share root password. I have sudoers configured already.
He should have all access equal to root. I made this entry in /etc/sudoers, but it is not working
denielr tsprd01 =(root) NOPASSWD: ALL
I tried to... (2 Replies)
Discussion started by: solaris_1977
2 Replies
7. Solaris
Install the sudo pkg SFWsudo.tar
bash#tar -xvf SFWsudo.tar
bash#pkgadd -d . SFWsudo
path may be /opt/sfw/bin
Make entry the user name in sudoer file
path of the sudoer file
/opt/sfw/etc/sudoers
check with the below command as a user (not as a root user)
user1$... (1 Reply)
Discussion started by: Narendiran
1 Replies
8. Red Hat
Hi,
I have given access to user mwadmin in shudders file as :
mwadmin ALL:NOPASSWD:/www/* /usr/* /opt/*
However, not able to execute below command:
sudo mkdir -p /usr/test
password for mwadmin:
Sorry, user mwadmin is not allowed to execute '/bin/mkdir -p /usr/test' as root.
... (4 Replies)
Discussion started by: saurau
4 Replies
9. Shell Programming and Scripting
I have similar issue as mentioned in
167174-how-run-script-using-batch-file.html
It works good, but the control is not coming back to source i tried adding exit to remote script.
Thanks,
Suresh (0 Replies)
Discussion started by: snsuresh
0 Replies
10. Solaris
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT CENTOS
git-shell
GIT-SHELL(1) Git Manual GIT-SHELL(1)
NAME
git-shell - Restricted login shell for Git-only SSH access
SYNOPSIS
chsh -s $(command -v git-shell) <user>
git clone <user>@localhost:/path/to/repo.git
ssh <user>@localhost
DESCRIPTION
This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing
the pull/push functionality, plus custom commands present in a subdirectory named git-shell-commands in the user's home directory.
COMMANDS
git shell accepts the following commands after the -c option:
git receive-pack <argument>, git upload-pack <argument>, git upload-archive <argument>
Call the corresponding server-side command to support the client's git push, git fetch, or git archive --remote request.
cvs server
Imitate a CVS server. See git-cvsserver(1).
If a ~/git-shell-commands directory is present, git shell will also handle other, custom commands by running "git-shell-commands/<command>
<arguments>" from the user's home directory.
INTERACTIVE USE
By default, the commands above can be executed only with the -c option; the shell is not interactive.
If a ~/git-shell-commands directory is present, git shell can also be run interactively (with no arguments). If a help command is present
in the git-shell-commands directory, it is run to provide the user with an overview of allowed actions. Then a "git> " prompt is presented
at which one can enter any of the commands from the git-shell-commands directory, or exit to close the connection.
Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and permissions.
If a no-interactive-login command exists, then it is run and the interactive shell is aborted.
EXAMPLE
To disable interactive logins, displaying a greeting instead:
+
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<EOF
#!/bin/sh
printf '%s
' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s
' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
SEE ALSO
ssh(1), git-daemon(1), contrib/git-shell-commands/README
GIT
Part of the git(1) suite
Git 1.8.3.1 06/10/2014 GIT-SHELL(1)