It would be better if you just didn't allow a user to use the "su" command with sudo. You could add something like this into your /etc/sudoers file to keep them from running the "su" command.
Also, it would be good if you prevented them from using "sudo" to vi the /etc/sudoers file so they can't change your new "better secured" configuration (also in the configuration above). That would be funny if you didn't set it up and they did change your /etc/sudoers file.... anyway, this configuration would allow you to track all their commands via the sudo log.
folks;
I just did setup sudo on Solaris 10 through "sudoer" file.
Now, i try to look at the log files to see any user activities under /var/log/syslog & all i see if someone try to run "sudo -u root tcsh" & got an error or was successful. But i don't see any activities, for example:
if a user... (0 Replies)
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
we are looking at changing the way we get root on our network.
in our current system if an admin needs root access he just gets the root password and uses an su.
some of our staff have decided that a sudo to "/bin/sh" will be easer.
some of our staff think a sudo to "su -" will be better.
I... (0 Replies)
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Hello,
Is it possible to configure the sudo log to register the logname instead of
the username?
I mean, if user A logs and su (switch user) to user B and then uses SUDO
to execute commands, the log will register actions of user B. What I need
is to register these actions as being executed... (1 Reply)
Hi All,
I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing
"sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error.
Command:
sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh
Error:
sudo: sorry,... (8 Replies)
hi,
i have installed sudo now want to create sudo log file to capture every sudo event like "if any user does sudo and then runs a command line, this all must be captured who did what" kindly assist
plantform:- linux RHEL, soalris 10 (1 Reply)
It is crazy when you just entered a command example sudo or su or even ps. It will flood your /var/log/messages. Please see duplicate entries except for the pid. At 1 specific time.
Thanks
$ cat b
Jan 13 17:09:05 SERVER1 bash: user1 as root:
Jan 13 17:09:05 SERVER1 bash: user1 as root:
Jan... (3 Replies)
Discussion started by: invinzin21
3 Replies
LEARN ABOUT X11R4
gzexe
GZEXE(1) General Commands Manual GZEXE(1)NAME
gzexe - compress executable files in place
SYNOPSIS
gzexe name ...
DESCRIPTION
The gzexe utility allows you to compress executables in place and have them automatically uncompress and execute when you run them (at a
penalty in performance). For example if you execute ``gzexe /usr/bin/gdb'' it will create the following two files:
-rwxr-xr-x 1 root root 1026675 Jun 7 13:53 /usr/bin/gdb
-rwxr-xr-x 1 root root 2304524 May 30 13:02 /usr/bin/gdb~
/usr/bin/gdb~ is the original file and /usr/bin/gdb is the self-uncompressing executable file. You can remove /usr/bin/gdb~ once you are
sure that /usr/bin/gdb works properly.
This utility is most useful on systems with very small disks.
OPTIONS -d Decompress the given executables instead of compressing them.
SEE ALSO gzip(1), znew(1), zmore(1), zcmp(1), zforce(1)CAVEATS
The compressed executable is a shell script. This may create some security holes. In particular, the compressed executable relies on the
PATH environment variable to find gzip and some standard utilities (basename, chmod, ln, mkdir, mktemp, rm, sleep, and tail).
BUGS
gzexe attempts to retain the original file attributes on the compressed executable, but you may have to fix them manually in some cases,
using chmod or chown.
GZEXE(1)