Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: grant sudo permission
Top Forums UNIX for Dummies Questions & Answers grant sudo permission Post 302524226 by fpmurphy on Sunday 22nd of May 2011 12:07:26 PM
Old 05-22-2011
It is quite simple. A few examples should clarify it for you.

You can grant users jelo and kiki full access to all privileged commands, with this /etc/sudoers entry.
Code:
jelo, kiki  ALL=(ALL) ALL

This is generally not a good idea because this allows jelo and kiki to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo.

A better way is to grant access to specific program files. For example, this /etc/sudoers entry allows user jelo and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the command /opt/oracle/check.pl. BTW, the trailing slash (/) is required to specify a directory location:
Code:
jelo, %operator ALL= /sbin/, /usr/sbin, /opt/oracle/check.pl

Read the sudo man page for more information. It is quite comprehensive.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Sudo permission issue

folks; How can i give a group a sudo permission to execute only some command "like start/stop Apache", so every user in that group can sudo to use this as himself, i mean when he tries to sudo, he will be asked for a password (and make it so he must use his own NT password not a generic one) then... (6 Replies)
Discussion started by: Katkota
6 Replies

2. UNIX for Dummies Questions & Answers

MySQL GRANT permission.

Hi, I'm one of a server administrators. I've the linux root account but I don't know the root password of MySQL (Server version: 5.0.32). I want to GRANT ALL PRIVILEGES to my MySQL account without changing the MySQL's root password. How can I do so? (0 Replies)
Discussion started by: mjdousti
0 Replies

3. Solaris

sudo permission

HI friends can i know how to assign sudo permission to normal user in solaris, and if not i want to assign few commands like format,user creation to normal user, i want to share few permission to normal user towork like a root in $ prompt. (2 Replies)
Discussion started by: kurva
2 Replies

4. UNIX for Dummies Questions & Answers

changing password with sudo user " permission denied"

HI All, I am using solaris i created a user adam and updated his permissions in vi sudoers file as follows adam ALL=(ALL) NOPASSWORD: ALL ........... when i create user by logging as sudo user . $ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan sudo: not found ... (6 Replies)
Discussion started by: kalyankalyan
6 Replies

5. Solaris

sudo for permission kill -HUP

Hi, I'm trying to provide "/usr/bin/kill -HUP" command to one of the user using sudo file. I have configured sudo as following: $cat /etc/sudoers User_Alias AA=conadmin Cmnd_Alias KILL1=/usr/bin/kill -HUPAA ALL=NOPASSWD:KILL1 When I login as the user and execute 'sudo -l' command, it... (2 Replies)
Discussion started by: mohzub
2 Replies

6. Solaris

Can't sudo Using Group Permission

All: I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...). The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Discussion started by: rjlohman
3 Replies

7. HP-UX

Sudo entry required to set permission similar to ROOT without using password (PASSWD) change optio

Hi All I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file Please help if some know the syntex? :confused::wall: (2 Replies)
Discussion started by: deviltech
2 Replies

8. Solaris

Adding user with Sudo permission in solaris 9

How can I add user with Sudo permission in solaris 9 ? I'm new in Solaris (2 Replies)
Discussion started by: ahmednoaman
2 Replies

9. Shell Programming and Scripting

Executing bash file with sudo for the second time, leads to permission denied, for some commands

I have a script that checks if the script has been ran with sudo. If the script is not ran as sudo, the current script is being executed with exec sudo bash. You are asked for a password, you type in the password, success. Everything is perfect - the commands inside the script are ran as sudo.... (1 Reply)
Discussion started by: boqsc
1 Replies

10. AIX

Unable to set ACLs on sulog - need to grant read permission to a normal user on AIX 6.1

Hi, I need to grant read permission to a normal user on sulog file on AIX 6.1. As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies

LEARN ABOUT DEBIAN

0store-secure-add

0STORE-SECURE-ADD(1)													      0STORE-SECURE-ADD(1)

NAME

       0store-secure-add -- add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This  command  imports  the  current  directory	into  the  system-wide	shared	Zero Install cache, as /var/cache/0install.net/implementa-
       tions/DIGEST.  This allows a program downloaded by one user to be shared with other users.

       The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this
       file  must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name
       matches its contents.

       It is intended that it be safe to grant untrusted users permission to call this command with elevated  privileges.  To  set  this  up,  see
       below.

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script automatically.

FILES

       /var/cache/0install.net/implementations
	      System-wide Zero Install cache.

LICENSE

       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU Lesser General Public License.

BUGS

       This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security-critial environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.

       If  sudo  let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net

Thomas Leonard							       2010						      0STORE-SECURE-ADD(1)
All times are GMT -4. The time now is 08:51 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy