Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: usage of sudoers file?
Operating Systems Solaris usage of sudoers file? Post 302486172 by baluchen on Friday 7th of January 2011 08:15:55 AM
Old 01-07-2011
usage of sudoers file?
All,

I have sudo setup installed on my Soalris 10 box. Everything working fine as expected. I would like to setup granular level access for one of the user

I use Rational Clearcase application which has its own command prompt /usr/atria/bin/cleartool

Once i invloked i can run its subcommand something like

cleartool> (from here it has lots of sub command)

What i need,

Is there anyway i can speficy in sudoers file such that only following sub command can be executed and other sub command cannot be executed.

/usr/atria/bin/cleartool lsvob
/usr/atria/bin/cleartool lsview

Thanks
Bala
 

10 More Discussions You Might Find Interesting

1. Linux

sudoers file

Hi, I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password. Can someone tell me what's wrong with my file? It's not working when I 'sudo SHUTDOWN' command: sudo: SHUTDOWN: command not found Thanks a lot! # Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies

2. UNIX for Dummies Questions & Answers

sudoers file questions

What is the difference between ALL and localhost in the bellow? # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now Thank you. (2 Replies)
Discussion started by: hemangjani
2 Replies

3. HP-UX

how can I find cpu usage memory usage swap usage and logical volume usage

how can I find cpu usage memory usage swap usage and I want to know CPU usage above X% and contiue Y times and memory usage above X % and contiue Y times my final destination is monitor process logical volume usage above X % and number of Logical voluage above can I not to... (3 Replies)
Discussion started by: alert0919
3 Replies

4. UNIX for Advanced & Expert Users

sudoers file

i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password. my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp. Thank you. ... (2 Replies)
Discussion started by: noam128
2 Replies

5. Shell Programming and Scripting

Issue with sudoers file.

Hi All, I am new to sudoers file. I am asked to troubleshoot why a particular user (alandhi) is not able to run a script as a different user(scmtg). I have the following line in my sudoers file and the user's name added to the group. User_Alias QA_USERS = alandhi, testuser1, qauser3 ... (3 Replies)
Discussion started by: Tuxidow
3 Replies

6. Cybersecurity

Help with sudoers file - AIX

Hi all, I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want. Here's what I would like to have: => OS Users - John (group staff) - Bob (group staff) - app20adm (group app20grp) - app70adm (group app70grp) - sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies

7. UNIX for Dummies Questions & Answers

Pls. help with sudoers file...

Hi, I was asked to create sudoers file for operation team so they can sudo as another user and run few commands. I have updated /etc/sudoers file. User_Alias LEVEL1 = JamesF, dennisW, juanC, steveS, Cmnd_Alias SU_PROD=/bin/su prod, /bin/su - prod Cmnd_Alias SU_NYOP=/bin/su... (2 Replies)
Discussion started by: samnyc
2 Replies

8. UNIX for Dummies Questions & Answers

Help with Sudoers file

Hi using Solaris 10. trying to update /etc/sudoers file I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message sudo su - >>> sudoers file: parse error, line 9 <<< >>> sudoers file: parse error, line 9 <<< ... (2 Replies)
Discussion started by: samnyc
2 Replies

9. Solaris

Sudoers file

In the sudoers file in Solaris... I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies

10. UNIX for Beginners Questions & Answers

How to setup sudoers file ?

Hi, I have several employees of whom we have created Linux user ids as below. fred mohtashim jhon matt croft .... $ id uid=1018(jhon) gid=1003(techx) groups=1003(techx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Note: All my employee users belong to techx... (3 Replies)
Discussion started by: mohtashims
3 Replies

LEARN ABOUT CENTOS

games_srv_selinux

games_srv_selinux(8)					     SELinux Policy games_srv					      games_srv_selinux(8)

NAME

       games_srv_selinux - Security Enhanced Linux Policy for the games_srv processes

DESCRIPTION

       Security-Enhanced Linux secures the games_srv processes via flexible mandatory access control.

       The  games_srv  processes  execute with the games_srv_t SELinux type. You can check if you have these processes running by executing the ps
       command with the -Z qualifier.

       For example:

       ps -eZ | grep games_srv_t

ENTRYPOINTS

       The games_srv_t SELinux type can be entered via the games_exec_t file type.

       The default entrypoint paths for the games_srv_t domain are the following:

       /usr/games/.*, /usr/lib/games(/.*)?, /usr/bin/civclient.*, /usr/bin/civserver.*, /usr/bin/sol, /usr/bin/kolf, /usr/bin/kpat, /usr/bin/micq,
       /usr/bin/gnect,	 /usr/bin/gtali,   /usr/bin/iagno,   /usr/bin/ksame,   /usr/bin/ktron,	/usr/bin/kwin4,  /usr/bin/lskat,  /usr/bin/gataxx,
       /usr/bin/glines, /usr/bin/klines, /usr/bin/kmines, /usr/bin/kpoker, /usr/bin/ksnake, /usr/bin/gnomine, /usr/bin/gnotski,  /usr/bin/katomic,
       /usr/bin/kbounce,   /usr/bin/kshisen,   /usr/bin/ksirtet,   /usr/bin/atlantik,	/usr/bin/gnibbles,  /usr/bin/gnobots2,	/usr/bin/kenolaba,
       /usr/bin/klickety, /usr/bin/konquest,  /usr/bin/kreversi,  /usr/bin/ksokoban,  /usr/bin/mahjongg,  /usr/bin/blackjack,  /usr/bin/gnotravex,
       /usr/bin/kblackbox,  /usr/bin/kfouleggs,  /usr/bin/kmahjongg,  /usr/bin/kwin4proc,  /usr/bin/lskatproc,	/usr/bin/Maelstrom,  /usr/bin/kas-
       teroids, /usr/bin/ksmiletris, /usr/bin/kspaceduel, /usr/bin/ktuberling,	/usr/bin/same-gnome,  /usr/bin/kbackgammon,  /usr/bin/kbattleship,
       /usr/bin/kgoldrunner, /usr/bin/gnome-stones, /usr/bin/kjumpingcube

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy  governs	the  access  confined  processes  have	to files.  SELinux games_srv policy is very flexible allowing users to setup their
       games_srv processes in as secure a method as possible.

       The following process types are defined for games_srv:

       games_srv_t

       Note: semanage permissive -a games_srv_t can be used to make the process type games_srv_t permissive. SELinux does not deny access to  per-
       missive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux	policy is customizable based on least access required.	games_srv policy is extremely flexible and has several booleans that allow
       you to manipulate the policy and run games_srv with the tightest access possible.

       If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If you want to deny any process from ptracing or debugging any other processes, you must  turn  on  the	deny_ptrace  boolean.  Enabled	by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If  you	want  to  allow  all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

MANAGED FILES

       The SELinux process type games_srv_t can manage files labeled with the following file types.  The paths listed are the  default	paths  for
       these file types.  Note the processes UID still need to have DAC permissions.

       games_data_t

	    /var/games(/.*)?
	    /var/lib/games(/.*)?

       games_srv_var_run_t

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), games_srv(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

games_srv							     14-06-10						      games_srv_selinux(8)
All times are GMT -4. The time now is 05:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy