Full Discussion: sudo/sudoers
Operating Systems HP-UX sudo/sudoers Post 302544562 by Peasant on Thursday 4th of August 2011 07:24:06 AM
Old 08-04-2011
Well, i did try but to no avail.
I found and example function to avoid sudo completly and log root commands, but it runs in infinite loop using posix shell (/sbin/sh) and trap <function> DEBUG
I'm unable to determine why is it working in everything besides posix shell Smilie

This is the code (this works in ksh and bash, but i'm not changing default root shell, since if /usr is not avalible machine won't boot.)
This is .profile
Code:
function cmd2sys
{
        CMD=$(fc -ln -0)
        USER=$(whoami)
        logger -p local1.notice -i : COMMAND = $CMD" ; "USER = $USER" ; "PWD=$PWD
}
trap cmd2sys DEBUG

Can you be more specific, how would you prefix every command with sudo in bash shell using command_not_found_handle ?

Thanks alot.
Regards
Peasant.
 

10 More Discussions You Might Find Interesting

1. Solaris

sudoers and sudo

Hi, on solaris 10, I have two users : user1 and user2 I want to create User_Alias and Cmnd_Alias to allow them to execute a command without prompting for sudo password. command I want these users should be able to run is '/usr/bin/su - abcd' . Also user1 and 2 need not type the 'abcd'... (6 Replies)
Discussion started by: upengan78
6 Replies

2. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

3. AIX

sudo log and sudo auditing

Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run? sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies

4. Solaris

sudoers

what is the configuration file for sudo? can we edit it as like other file or will it create any adverse effect on editing that file? thanks in advance dinu (1 Reply)
Discussion started by: dinu
1 Replies

5. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

6. Linux

How to configure sudoers in order to hide some sudo commands.

Hi Unix.com people! :) My question, I think, it's easy to understand. I want to configure my sudoers file (/etc/sudoers) in order to hide automatically, some repetitive and annoying commands to be listed on auth.log (/var/log/auth.log). Anyone know something, or know where I can... (0 Replies)
Discussion started by: fefafefa
0 Replies

7. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

8. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

9. Solaris

Sudo Privileges & Sudoers Group

I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies

10. Red Hat

How to disable sudo -i in sudoers file for users?

All, I need to disable "sudo -i" and "su - " for all servers in our environment, We want to make sure no one run commands or delete files across environment using switching to root account. can you guys please lets me know if this is achievable. Thanks and Regards shekar (2 Replies)
Discussion started by: shekar777
2 Replies
sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME
sudo_root - How to run administrative commands SYNOPSIS
sudo command sudo -i INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead, the installer will set up sudo to allow the user that is created during install to run all administrative commands. This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed. To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use sudo -i. ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you have to add these users to the group 'admin' by doing one of the following steps: * In a shell, do sudo adduser username admin * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group. BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following: * Users do not have to remember an extra password, which they are likely to forget. * The installer is able to ask fewer questions. * It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing. * Sudo adds a log entry of the command(s) run (in /var/log/auth.log). * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do not know is what the usernames of your other users are. * Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not compromising the root account. * sudo can be set up with a much more fine-grained security policy. * On systems with more than one administrator using sudo avoids sharing a password amongst them. DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted: * Redirecting the output of commands run with sudo can be confusing at first. For instance consider sudo ls > /root/somefile will not work since it is the shell that tries to write to that file. You can use ls | sudo tee /root/somefile to get the behaviour you want. * In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to leave the system unusable. An extra local user, or an enabled root password is needed here. GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended! To enable the root account (i.e. set a password) use: sudo passwd root Afterwards, edit the sudo configuration with sudo visudo and comment out the line %admin ALL=(ALL) ALL to disable sudo access to members of the admin group. SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo February 8, 2006 sudo_root(8)

Featured Tech Videos

All times are GMT -4. The time now is 01:11 AM.
Unix & Linux Forums Content Copyright 1993-2021. All Rights Reserved.
Privacy Policy