It is quite simple. A few examples should clarify it for you.
You can grant users jelo and kiki full access to all privileged commands, with this /etc/sudoers entry.
This is generally not a good idea because this allows jelo and kiki to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo.
A better way is to grant access to specific program files. For example, this /etc/sudoers entry allows user jelo and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the command /opt/oracle/check.pl. BTW, the trailing slash (/) is required to specify a directory location:
Read the sudo man page for more information. It is quite comprehensive.
folks;
How can i give a group a sudo permission to execute only some command "like start/stop Apache", so every user in that group can sudo to use this as himself, i mean when he tries to sudo, he will be asked for a password (and make it so he must use his own NT password not a generic one) then... (6 Replies)
Hi,
I'm one of a server administrators. I've the linux root account but I don't know the root password of MySQL (Server version: 5.0.32). I want to GRANT ALL PRIVILEGES to my MySQL account without changing the MySQL's root password. How can I do so? (0 Replies)
HI friends can i know how to assign sudo permission to normal user in solaris, and if not i want to assign few commands like format,user creation to normal user, i want to share few permission to normal user towork like a root in $ prompt. (2 Replies)
HI All,
I am using solaris
i created a user adam and updated his permissions
in vi sudoers file as follows
adam ALL=(ALL) NOPASSWORD: ALL
...........
when i create user by logging as sudo user .
$ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan
sudo: not found
... (6 Replies)
Hi,
I'm trying to provide "/usr/bin/kill -HUP" command to one of the user using sudo file. I have configured sudo as following:
$cat /etc/sudoers
User_Alias AA=conadmin
Cmnd_Alias KILL1=/usr/bin/kill -HUPAA ALL=NOPASSWD:KILL1
When I login as the user and execute 'sudo -l' command, it... (2 Replies)
All:
I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...).
The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Hi All
I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file
Please help if some know the syntex? :confused::wall: (2 Replies)
I have a script that checks if the script has been ran with sudo.
If the script is not ran as sudo, the current script is being executed with exec sudo bash.
You are asked for a password, you type in the password, success. Everything is perfect - the commands inside the script are ran as sudo.... (1 Reply)
Hi,
I need to grant read permission to a normal user on sulog file on AIX 6.1.
As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies
LEARN ABOUT DEBIAN
consolehelper
CONSOLEHELPER(8) System Manager's Manual CONSOLEHELPER(8)NAME
consolehelper - A wrapper that helps console users run system programs
SYNOPSIS
progname [ options ]
DESCRIPTION
consolehelper is a tool that makes it easy for console users to run system programs, doing authentication via PAM (which can be set up to
trust all console users or to ask for a password at the system administrator's discretion). When possible, the authentication is done
graphically; otherwise, it is done within the text console from which consolehelper was started.
It is intended to be completely transparent. This means that the user will never run the consolehelper program directly. Instead, pro-
grams like /sbin/shutdown are paired with a link from /usr/bin/shutdown to /usr/bin/consolehelper. Then when non-root users (specifically,
users without /sbin in their path, or /sbin after /usr/bin) call the "shutdown" program, consolehelper will be invoked to authenticate the
action and then invoke /sbin/shutdown. (consolehelper itself has no priviledges; it calls the userhelper(8) program do the real work.)
consolehelper requires that a PAM configuration for every managed program exist. So to make /sbin/foo or /usr/sbin/foo managed, you need
to create a link from /usr/bin/foo to /usr/bin/consolehelper and create the file /etc/pam.d/foo, normally using the pam_console(8) PAM mod-
ule.
OPTIONS
This program has no command line options of its own; it passes all command line options on to the program it is calling.
SEE ALSO userhelper(8)AUTHOR
Michael K. Johnson <johnsonm@redhat.com>
Red Hat Software 18 March 1999 CONSOLEHELPER(8)