Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: grant sudo permission
Top Forums UNIX for Dummies Questions & Answers grant sudo permission Post 302524226 by fpmurphy on Sunday 22nd of May 2011 12:07:26 PM
Old 05-22-2011
It is quite simple. A few examples should clarify it for you.

You can grant users jelo and kiki full access to all privileged commands, with this /etc/sudoers entry.
Code:
jelo, kiki  ALL=(ALL) ALL

This is generally not a good idea because this allows jelo and kiki to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo.

A better way is to grant access to specific program files. For example, this /etc/sudoers entry allows user jelo and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the command /opt/oracle/check.pl. BTW, the trailing slash (/) is required to specify a directory location:
Code:
jelo, %operator ALL= /sbin/, /usr/sbin, /opt/oracle/check.pl

Read the sudo man page for more information. It is quite comprehensive.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Sudo permission issue

folks; How can i give a group a sudo permission to execute only some command "like start/stop Apache", so every user in that group can sudo to use this as himself, i mean when he tries to sudo, he will be asked for a password (and make it so he must use his own NT password not a generic one) then... (6 Replies)
Discussion started by: Katkota
6 Replies

2. UNIX for Dummies Questions & Answers

MySQL GRANT permission.

Hi, I'm one of a server administrators. I've the linux root account but I don't know the root password of MySQL (Server version: 5.0.32). I want to GRANT ALL PRIVILEGES to my MySQL account without changing the MySQL's root password. How can I do so? (0 Replies)
Discussion started by: mjdousti
0 Replies

3. Solaris

sudo permission

HI friends can i know how to assign sudo permission to normal user in solaris, and if not i want to assign few commands like format,user creation to normal user, i want to share few permission to normal user towork like a root in $ prompt. (2 Replies)
Discussion started by: kurva
2 Replies

4. UNIX for Dummies Questions & Answers

changing password with sudo user " permission denied"

HI All, I am using solaris i created a user adam and updated his permissions in vi sudoers file as follows adam ALL=(ALL) NOPASSWORD: ALL ........... when i create user by logging as sudo user . $ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan sudo: not found ... (6 Replies)
Discussion started by: kalyankalyan
6 Replies

5. Solaris

sudo for permission kill -HUP

Hi, I'm trying to provide "/usr/bin/kill -HUP" command to one of the user using sudo file. I have configured sudo as following: $cat /etc/sudoers User_Alias AA=conadmin Cmnd_Alias KILL1=/usr/bin/kill -HUPAA ALL=NOPASSWD:KILL1 When I login as the user and execute 'sudo -l' command, it... (2 Replies)
Discussion started by: mohzub
2 Replies

6. Solaris

Can't sudo Using Group Permission

All: I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...). The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Discussion started by: rjlohman
3 Replies

7. HP-UX

Sudo entry required to set permission similar to ROOT without using password (PASSWD) change optio

Hi All I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file Please help if some know the syntex? :confused::wall: (2 Replies)
Discussion started by: deviltech
2 Replies

8. Solaris

Adding user with Sudo permission in solaris 9

How can I add user with Sudo permission in solaris 9 ? I'm new in Solaris (2 Replies)
Discussion started by: ahmednoaman
2 Replies

9. Shell Programming and Scripting

Executing bash file with sudo for the second time, leads to permission denied, for some commands

I have a script that checks if the script has been ran with sudo. If the script is not ran as sudo, the current script is being executed with exec sudo bash. You are asked for a password, you type in the password, success. Everything is perfect - the commands inside the script are ran as sudo.... (1 Reply)
Discussion started by: boqsc
1 Replies

10. AIX

Unable to set ACLs on sulog - need to grant read permission to a normal user on AIX 6.1

Hi, I need to grant read permission to a normal user on sulog file on AIX 6.1. As root I did acledit sulog and aclget shows "extended permissions" as "enabled" and normal user "splunk" has read permissions. When I try to access sulog as splunk user it won't allow and aclget for splunk user... (6 Replies)
Discussion started by: prvnrk
6 Replies

LEARN ABOUT OSF1

dop

dop(8)							      System Manager's Manual							    dop(8)

NAME

       dop - Allows a user to execute a privileged program without knowing the root password. The dop command also modifies the action database.

SYNOPSIS

       /usr/sbin/dop [-n  | -N] [ui:] action [args]

       /usr/sbin/dop -a priv[,priv]... action [ui:]pathspec[,[ui:]pathspec]...

       /usr/sbin/dop -a priv[,priv]... [ui:]pathspec

       /usr/sbin/dop -d  action

       /usr/sbin/dop [-w  | -W]

OPTIONS

       Invokes	a  prompt  asking  the	user  if  they want to run the command as a user or as root. The root password is required to run as root.
       Attempts to run the action with the user privileges.  Adds new actions to the dop database.  Deletes an existing action from the dop  data-
       base.  Writes a binary image without changing the source.  Updates the actionlist from the dop action file and then executes the -w option,
       which writes the binary image.

OPERANDS

       Name of privileged program to invoke Arguments to pass to the application guarded by the privilege.  Comma separated  privilege	list  (see
       sysman dopconfig) The fully qualified path name and arguments for the associated action.

	      When  specified by a comma separated pathlist and arguments for multiple user interface domains (ui:), the first ui: argument speci-
	      fied is used as the default. If no action is specified, then the path base name is used. A  run-time  argument  replaces	the  first
	      occurrence of asterisk as a word (for example *) in a string, or else they are ignored. Path arguments should be quoted per the cur-
	      rent shell.  Optional.  A user interface domain, typically one of X11, suit, java, menu, cui, or cli.

DESCRIPTION

       The dop (Division of Privileges) command can execute an action after proper authentication from	the  privilege	database  file.  For  more
       information, see the Security guide.

RESTRICTIONS

       You must have root privileges to modify the privileges database.

EXAMPLES

       The following example will add an action to the AccountManagement privilege.  dop -a AccountManagement adduser_script /usr/sbin/adduser

       The following example runs the action adduser_script for the AccountManagement privilege.  dop adduser_script

       The following example deletes the adduser_script action from the action database.  dop -d adduser_script

FILES

       Executable file.  Executable file for adding or deleting permissions for users and or groups.  dop database.

SEE ALSO

       Commands: sysman(8)

																	    dop(8)
All times are GMT -4. The time now is 01:16 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy