sudo - User privilege specification Post: 302587088

Sponsored Content

Operating Systems AIX sudo - User privilege specification Post 302587088 by admin_xor on Wednesday 4th of January 2012 05:07:14 AM

01-04-2012

Registered User

Well I can give you an example how I setup command alias in /etc/sudoers file for our ID Administration team. This is what it looks like:

Code:

Cmnd_Alias      IDADMIN=/usr/bin/mkuser, /usr/bin/chuser, /usr/sbin/rmuser, \
                /usr/bin/passwd [0-9]*, /usr/bin/passwd [A-z]* ,\
                !/usr/bin/passwd root, \
                /usr/bin/chsec, /usr/bin/mkgroup, /usr/sbin/rmgroup, \
                /home/comadm/passwd_lastupdate.pl, \
                /usr/bin/ls, /usr/bin/chmod, /usr/bin/chown, /usr/bin/chgrp, \
                /usr/bin/find, /usr/sbin/lsuser, /usr/bin/vi /etc/ftpusers, \
                /usr/local/bin/generate_user_file_list, \
                /usr/local/bin/remove_user_files, /usr/bin/cat, \
                /usr/bin/rm -f /var/spool/mail/*, \
                ! /usr/bin/rm -f /var/spool/mail/root, \
                /usr/bin/rm -f /var/spool/cron/crontabs/*, \
                ! /usr/bin/rm -f /var/spool/cron/crontabs/root, \
                /usr/bin/rm -f /var/spool/cron/atjobs/*, \
                /usr/bin/rm -rf /home/*, /usr/bin/pwdadm, /usr/bin/smitty user

With command alias you can not only create positive set of list but also you can specify what they cannot do using sudo (as opposed to what zaxxon said, note the exclamatory sign in front of commands which are being restricted).

Hope you get an idea on how to set up /etc/sudoers

This User Gave Thanks to admin_xor For This Post:

admin_xor

View Public Profile for admin_xor

Find all posts by admin_xor

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Write privilege for user

Is it possible to grant write privileges to a user on a directory with out having to add the user to a group or make the user the owner of the directory? My background is in Windows and in Windows you can grant specific privileges to a user without having to put the user in a group or making the...

2. AIX

[Help] Give privilege to an ordinary user

I'm trying to give a non-root user the right to start IBM HTTP Server, the web server is listening on port 80, but for AIX, ports under 1024 are privilege ports which can be used only by root. /usr/IBMIHS/bin# ./apachectl start (13)Permission denied: make_sock: could not bind to address :::80...

3. Solaris

Root privilege for user

Can anyone please tell how to give root privilege to a normal user in solaris 10?

4. UNIX for Dummies Questions & Answers

How to create/restrict a user with to have no privilege from other group

Hello experts I am new to Unix. Env : HPUX I need to create a user say testuser such that it does not have access to file/directories from the other group i.e the last 3 digits . How do I do that. Reason for such a request :- I have an existing user oracle which has default umask...

5. AIX

User Privilege

How to assign superuser privilege to an ordinary user temporarily

6. Red Hat

Save sudo privilege for session

I have setup public key based login to my CentOS VPS. I wish to disable direct root login and have created an admin user under wheel group and have modified /etc/sudoers file and gave Wheel group all privileges. But now I am being prompted for password whenever I type sudo. I do not wish to...

7. Cybersecurity

sudo - AIX - User privilege specification

I am planning to implement sudo for users. Under , it looks I have to put the users who need to have sudo access: What are the recommended for users? I don't think I need to give the ALL privilege (i.e ) to AIX users. I'd like to know the commonly used privilege specification for sudo...

8. Shell Programming and Scripting

Create user with different privilege

Hi , I want to create 3 different user with below privilege in Solaris and Linux. 1) Read Only 2)Read and Write Only 3) Admin user Can you guys help me on this .

9. Solaris

Assigning proc_owner privilege to particular user in RBAC

Hi I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this. Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes...

LEARN ABOUT HPUX

getevent

getevent(2)							System Calls Manual						       getevent(2)

NAME

       getevent() - get events and system calls that are currently being audited

SYNOPSIS

   Remarks
       This  function is provided purely for backward compatibility.  HP recommends that new applications use the command to get events and system
       calls that are currently being audited.	See audevent(1M).

DESCRIPTION

       gets the events and system calls being audited.	The events are returned in a table pointed to by a_event.  The system calls  are  returned
       in a table pointed to by a_syscall.  This call is restricted to users with the privilege.

   Security Restrictions
       Some  or  all of the actions associated with this system call require the privilege.  Processes owned by the superuser have this privilege.
       Processes owned by other users may have this privilege, depending on system configuration.  See privileges(5) for  more	information  about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       Upon successful completion, a value of 0 is returned; otherwise, a -1 is returned and is set to indicate the error.

ERRORS

       fails if the following is true:

       The caller does not have the
		      privilege.

AUTHOR

       was developed by HP.

SEE ALSO

       audevent(1M), setevent(2), privileges(5).

								  TO BE OBSOLETED						       getevent(2)