01-07-2011
The concept behind SUDO is to allow users to run applications with privileges they normally would not have. So, if you want a user to have access to a command, you would put that command in the sudoers file. Then, by default, the user would not be able to run the other commands with elevated privileges.
I'm not sure how you would prevent a user from using a command with sudo.
HTH
10 More Discussions You Might Find Interesting
1. Linux
Hi,
I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password.
Can someone tell me what's wrong with my file?
It's not working when I 'sudo SHUTDOWN' command:
sudo: SHUTDOWN: command not found
Thanks a lot!
# Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies
2. UNIX for Dummies Questions & Answers
What is the difference between ALL and localhost in the bellow?
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Thank you. (2 Replies)
Discussion started by: hemangjani
2 Replies
3. HP-UX
how can I find cpu usage memory usage swap usage and
I want to know CPU usage above X% and contiue Y times and memory usage above X % and contiue Y times
my final destination is monitor process
logical volume usage above X % and number of Logical voluage above
can I not to... (3 Replies)
Discussion started by: alert0919
3 Replies
4. UNIX for Advanced & Expert Users
i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password.
my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp.
Thank you.
... (2 Replies)
Discussion started by: noam128
2 Replies
5. Shell Programming and Scripting
Hi All,
I am new to sudoers file. I am asked to troubleshoot why a particular user (alandhi) is not able to run a script as a different user(scmtg). I have the following line in my sudoers file and the user's name added to the group.
User_Alias QA_USERS = alandhi, testuser1, qauser3
... (3 Replies)
Discussion started by: Tuxidow
3 Replies
6. Cybersecurity
Hi all,
I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want.
Here's what I would like to have:
=> OS Users
- John (group staff)
- Bob (group staff)
- app20adm (group app20grp)
- app70adm (group app70grp)
- sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I was asked to create sudoers file for operation team so they can sudo as another user and run few commands.
I have updated /etc/sudoers file.
User_Alias LEVEL1 = JamesF, dennisW, juanC, steveS,
Cmnd_Alias SU_PROD=/bin/su prod, /bin/su - prod
Cmnd_Alias SU_NYOP=/bin/su... (2 Replies)
Discussion started by: samnyc
2 Replies
8. UNIX for Dummies Questions & Answers
Hi
using Solaris 10. trying to update /etc/sudoers file
I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message
sudo su -
>>> sudoers file: parse error, line 9 <<<
>>> sudoers file: parse error, line 9 <<<
... (2 Replies)
Discussion started by: samnyc
2 Replies
9. Solaris
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies
10. UNIX for Beginners Questions & Answers
Hi,
I have several employees of whom we have created Linux user ids as below.
fred
mohtashim
jhon
matt
croft
....
$ id
uid=1018(jhon) gid=1003(techx) groups=1003(techx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Note: All my employee users belong to techx... (3 Replies)
Discussion started by: mohtashims
3 Replies
LEARN ABOUT OPENSOLARIS
pfcsh
pfexec(1) User Commands pfexec(1)
NAME
pfexec, pfsh, pfcsh, pfksh - execute a command in a profile
SYNOPSIS
/usr/bin/pfexec command
/usr/bin/pfexec -P privspec command [ arg ]...
/usr/bin/pfsh [ options ] [ argument ]...
/usr/bin/pfcsh [ options ] [ argument ]...
/usr/bin/pfksh [ options ] [ argument ]...
DESCRIPTION
The pfexec program is used to execute commands with the attributes specified by the user's profiles in the exec_attr(4) database. It is
invoked by the profile shells, pfsh, pfcsh, and pfksh which are linked to the Bourne shell, C shell, and Korn shell, respectively.
Profiles are searched in the order specified in the user's entry in the user_attr(4) database. If the same command appears in more than one
profile, the profile shell uses the first matching entry.
The second form, pfexec -P privspec, allows a user to obtain the additional privileges awarded to the user's profiles in prof_attr(4). The
privileges specification on the commands line is parsed using priv_str_to_set(3C). The resulting privileges are intersected with the union
of the privileges specified using the "privs" keyword in prof_attr(4) for all the user's profiles and added to the inheritable set before
executing the command.
USAGE
pfexec is used to execute commands with predefined process attributes, such as specific user or group IDs.
Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage descriptions of the profile shells.
EXAMPLES
Example 1 Obtaining additional user privileges
example% pfexec -P all chown user file
This command runs chown user file with all privileges assigned to the current user, not necessarily all privileges.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
csh(1), ksh(1), profiles(1), sh(1), exec_attr(4), prof_attr(4), user_attr(4), attributes(5)
SunOS 5.11 3 Mar 2003 pfexec(1)