To fine grain your goal, you need to create several groups depending on the roles. Like you can create a group "idadmins" which will contain the users who work on access controls and user administration.
Next, create a command alias in /etc/sudoers file with all of the commands that would need root privilege and has to be used by the members of idadmins group. Something like this:
Now, add a line like the below to delegate the idadmins group permission to execute the commands in USRADMN command alias as root.
In this way, you do not have to rework on /etc/sudoers file while adding a new user admin; just add him/her to the idadmins group and that's it. Also, as you are defining exactly what commands they can use with sudo, yu are restricting them from using any other command with sudo which requires root privilege, e.g: mount (although, just the mount command does not require root privileges on most UNIX systems; that's just to show what filesystems are mounted presently). Hope this helps!!
Hello,
I am needing to find what smtp server we are using on our linux box that run suse 9 when ever we mail out from the box using the mail command.... I have searched the board and see references to sendmail.cf but can't find this file on our box... I see alot of mail configs in /etc/postfix... (2 Replies)
I am trying to set up sudo for a command, but do not want to specify the arguments that can be passed into it. I want the user who is using sudo to be able to pass in the arguments they want. I am fairly sure I know how to do this with RBAC in Solaris 10, but for reasons I will not get into I... (1 Reply)
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Hi everyone :),
I need sort Cisco configs to report but i cannot do the script to made this:
#### INPUT #####
config-register 0x2102
version 12.2
!
hostname Router
!
interface Ethernet0
description Red LAN
ip address 192.168.1.1 255.255.255.0
no cdp enable
!
interface Serial0... (6 Replies)
Hi,
I'm somewhat new to unix OS
and I'm at course for programmers in my country.
and in the course we learn unix and how to script in unix. of course we just started and we learned only the very basic, but I'm a really computer freak and I looking for a way to make the course easier on all of... (8 Replies)
hi All, is there a way in linux to loop thru all variables sourced?
i have a set configs like
A=100
b=200
c=400
i can add the above lines to a file and source - so that $A will be 100 .. like wise
now when i do a cut -c 1-2 file.txt |sort | uniq -c on a file it returns me
A 100
B 50
c... (1 Reply)
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
I have several Redhat servers and workstations that I need to be able to monitor for any changes and be notified of any changes to the OS. The features I need to specifically monitor are:
ports - opening of new ports that are not already in a whitelist
services - any starting or attempts to start... (1 Reply)
I know there are better ways to do this.
I prefer snmp. I do not have the proper perl modules loaded on the platorm. Snmp isnt loaded on the platform. Telnet is not an option. I need to write an expect script to pull cisco equipment configs.
The following code is executed once I gain... (0 Replies)
Discussion started by: popeye
0 Replies
LEARN ABOUT OSF1
quotaoff
quotaon(8) System Manager's Manual quotaon(8)NAME
quotaon, quotaoff - turns quota enforcement on or off
SYNOPSIS
/usr/sbin/quotaon [-guv] file_spec ...
/usr/sbin/quotaon -a [-guv]
/usr/sbin/quotaoff [-guv] file_spec ...
/usr/sbin/quotaoff -a [-guv]
PARAMETERS
Specifies one or more file systems. Specify any file system by entering its full path name or its mount point. The full path name is the
name entered in the file-spec field of the file system's entry in the /etc/fstab file. The mount point is the name entered in the
mnt_point field of the file system's entry in the /etc/fstab file.
For UFS file systems, you can alternatively enter the name of a block device special file. For example: /dev/disk/dsk3c.
For AdvFS filesets, you can alternatively enter the name of a file domain, a pound sign (#), and the name of the fileset. For exam-
ple: root_domain#root.
FLAGS
Turns on (with quotaon) or turns off (with quotaoff) quotas for all file systems identified in the /etc/fstab file as read/write with quo-
tas. Turns on or off group quotas only. Turns on or off user quotas only. Prints a message for each file system whose quotas are turned
on or off.
DESCRIPTION
The quotaon and quotaoff commands enable or disable user and group quotas that have been established using the edquota command. To turn
the quotas on or off, the file systems specified must have the userquota and groupquota entries in the /etc/fstab file and be mounted at
the time.
quotaon and quotaoff must be run by a user with superuser authority.
These commands expect each file system to have quota files named quota.user and quota.group in the root directory of the file system.
(These default file locations may be overridden in the /etc/fstab file.)
By default, both user and group quotas are affected by the quotaon and quotaoff commands. Use the -g flag to specify only group quotas or
the -u flag to specify only user quotas.
NOTES
The term file system represents either a UFS file system or an AdvFS fileset.
The quotaon and quotaoff commands are used to manage user and group quotas: they are not used to manage AdvFS fileset quotas. Use the
chfsets command to set or clear fileset quotas.
AdvFS always maintains user and group file and block usage in the quota files (quota.user and quota.group). User and group quota limit
information displays with the showfsets command even if quota enforcement is turned off.
When a file system is unmounted, user and group quotas are disabled. After a file system has been remounted, use the quotaon command to
enable user and group quotas on the file system.
RESTRICTIONS
You must be the root user to run the quotaon and quotaoff commands.
FILES
Specifies the command path Specifies the command path Contains user quotas for filesets Contains group quotas for filesets Contains file
system names and locations
RELATED INFORMATION
Commands: chfsets(8), showfsets(8), edquota(8), fsck(8), quota(1), quotacheck(8), repquota(8).
Functions: quotactl(2).
Files: fstab(4). delim off
quotaon(8)