Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: usage of sudoers file?
Operating Systems Solaris usage of sudoers file? Post 302486200 by pludi on Friday 7th of January 2011 10:30:27 AM
Old 01-07-2011
If you specify a command with options/parameters, the associated user(s)/group(s) can only run this command with these exact parameters. If you further specify the path, only this exact command can be run.

An example:
Code:
user1 ALL=NOPASSWD: /usr/atria/bin/cleartool lsvob, /usr/atria/bin/cleartool lsview

This will allow user1 to run these two commands as they are without a password. It will not allow any other command, or running cleartool without a command line argument.
 

10 More Discussions You Might Find Interesting

1. Linux

sudoers file

Hi, I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password. Can someone tell me what's wrong with my file? It's not working when I 'sudo SHUTDOWN' command: sudo: SHUTDOWN: command not found Thanks a lot! # Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies

2. UNIX for Dummies Questions & Answers

sudoers file questions

What is the difference between ALL and localhost in the bellow? # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now Thank you. (2 Replies)
Discussion started by: hemangjani
2 Replies

3. HP-UX

how can I find cpu usage memory usage swap usage and logical volume usage

how can I find cpu usage memory usage swap usage and I want to know CPU usage above X% and contiue Y times and memory usage above X % and contiue Y times my final destination is monitor process logical volume usage above X % and number of Logical voluage above can I not to... (3 Replies)
Discussion started by: alert0919
3 Replies

4. UNIX for Advanced & Expert Users

sudoers file

i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password. my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp. Thank you. ... (2 Replies)
Discussion started by: noam128
2 Replies

5. Shell Programming and Scripting

Issue with sudoers file.

Hi All, I am new to sudoers file. I am asked to troubleshoot why a particular user (alandhi) is not able to run a script as a different user(scmtg). I have the following line in my sudoers file and the user's name added to the group. User_Alias QA_USERS = alandhi, testuser1, qauser3 ... (3 Replies)
Discussion started by: Tuxidow
3 Replies

6. Cybersecurity

Help with sudoers file - AIX

Hi all, I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want. Here's what I would like to have: => OS Users - John (group staff) - Bob (group staff) - app20adm (group app20grp) - app70adm (group app70grp) - sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies

7. UNIX for Dummies Questions & Answers

Pls. help with sudoers file...

Hi, I was asked to create sudoers file for operation team so they can sudo as another user and run few commands. I have updated /etc/sudoers file. User_Alias LEVEL1 = JamesF, dennisW, juanC, steveS, Cmnd_Alias SU_PROD=/bin/su prod, /bin/su - prod Cmnd_Alias SU_NYOP=/bin/su... (2 Replies)
Discussion started by: samnyc
2 Replies

8. UNIX for Dummies Questions & Answers

Help with Sudoers file

Hi using Solaris 10. trying to update /etc/sudoers file I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message sudo su - >>> sudoers file: parse error, line 9 <<< >>> sudoers file: parse error, line 9 <<< ... (2 Replies)
Discussion started by: samnyc
2 Replies

9. Solaris

Sudoers file

In the sudoers file in Solaris... I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies

10. UNIX for Beginners Questions & Answers

How to setup sudoers file ?

Hi, I have several employees of whom we have created Linux user ids as below. fred mohtashim jhon matt croft .... $ id uid=1018(jhon) gid=1003(techx) groups=1003(techx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Note: All my employee users belong to techx... (3 Replies)
Discussion started by: mohtashims
3 Replies

LEARN ABOUT SUSE

smrsh

SMRSH(8)						      System Manager's Manual							  SMRSH(8)

NAME

       smrsh - restricted shell for sendmail

SYNOPSIS

       smrsh -c command

DESCRIPTION

       The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files.  It sharply limits
       the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system.   Briefly,
       even  if  a  ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
       that he or she can execute.

       Briefly, smrsh limits programs to be in a single directory, by default /usr/lib/sendmail.d/bin/ allowing the system administrator to choose
       the  set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''.  It also rejects any commands with the
       characters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks.
       It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''

       Initial	pathnames  on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
       tion'', and ``vacation'' all actually forward to `/usr/lib/sendmail.d/bin/vacation''.

       System administrators should be conservative about populating the /usr/lib/sendmail.d/bin/ directory.  For example, a reasonable  additions
       is vacation(1), and the like.  No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
       /usr/lib/sendmail.d/bin/ directory.  Note that this does not restrict the use of shell or  perl	scripts  in  the  /usr/lib/sendmail.d/bin/
       directory  (using the ``#!'' syntax); it simply disallows execution of arbitrary programs.  Also, including mail filtering programs such as
       procmail(1) is a very bad idea.	procmail(1) allows users to run arbitrary programs in their procmailrc(5).

COMPILATION

       Compilation should be trivial on most systems.  You may need to use -DSMRSH_PATH="path" to adjust the default search  path  (defaults	to
       ``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/lib/sendmail.d/bin/'').

FILES

       /usr/lib/sendmail.d/bin/ - default directory for restricted programs on SuSE Linux

SEE ALSO

       sendmail(8)

							   $Date: 2004/08/06 03:55:35 $ 						  SMRSH(8)
All times are GMT -4. The time now is 06:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy