09-09-2011
allow user to use sudo cp on a specific directory and only a specific file
Is there a way to allow a user to use sudo cp on a specific directory and only a specific file?
10 More Discussions You Might Find Interesting
1. Solaris
dear all
does any one give any user write permission using access control list or another way to solve this problem (1 Reply)
Discussion started by: murad.jaber
1 Replies
2. Solaris
Hi experts,
I have a user "bingo" in my sunsolaris 9.
# /etc/passwd
bingo:x:513:1::/export/home/bingo:/bin/bash
when anyone Telnet to this user it goes to his home directory /export/home/bingo
But now i want- when someone FTP to this user "bingo" it will NOT go to his home dir. Rather it... (5 Replies)
Discussion started by: thepurple
5 Replies
3. UNIX for Dummies Questions & Answers
hello,
I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user.
I have tried this 'chmod -U newUser+wrx... (2 Replies)
Discussion started by: run123
2 Replies
4. Solaris
I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that?
Thanks (5 Replies)
Discussion started by: gsander
5 Replies
5. Solaris
is is possible to grant user access to only one subdirectory? example
a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group)
$ cd /etc/mydir
$ls
file1 file2
$ls -al
-rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1
-rw-rw-r-x 2 unixguy uguys 96 Dec 8... (1 Reply)
Discussion started by: lhareigh890
1 Replies
6. Solaris
Hi all,
I want to create a new user and grant him ONLY transfer files access to a specific directory where he can only upload and read the files. He should be restricted to this activity only.
Regards (6 Replies)
Discussion started by: gilldn
6 Replies
7. Solaris
Hi,
I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies
8. Solaris
Hello Team,
I have Solaris 10 u6
I have a user test1 using bash that belong to the group staff.
I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories.
How can I do it ?
Thanks in advance (1 Reply)
Discussion started by: csierra
1 Replies
9. UNIX for Advanced & Expert Users
Hello Folks,
Of course i came here for your favour :)
How to set a defalult home directory for sFTP login ( at present users land in to their home directrory) when they connect from specific server.
When server(A) sFTP's to Linux server(B) they land to thier home directory.
I want... (5 Replies)
Discussion started by: Thala
5 Replies
10. UNIX for Beginners Questions & Answers
Hello,
I have a user Bob on a RHEL 7 server1. Where his script area is "/home/Bob/scripts/" and he is the owner for this directory.
On the server1, there is a NFS mount from another server2, with path as "/global/work/" and Bob is the owner for this directory too in server2. (Same UID and GID... (5 Replies)
Discussion started by: karumudi7
5 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)