02-24-2012
Restrict SUDO Access
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Hi Folks,
Please help me. I am bit struck here.
Here is the OS info.
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
I have a user Alex( userif alex:admin) and trying to grant him sudo access to a userid (cbttest:sytgrp) i.e granting sudo to ID cbttest
I have added the following info to /etc/sudoers file.
alex ALL=(cbttest:sytgrp) ALL
It was working fine, alex was able to sudo to cbttest.
Now I want to restrict alex not to execute passwd change so tried the below options none worked.
alex ALL=(cbttest:sytgrp) ALL, !/usr/bin/passwd
Cmnd_Alias PASSWD=/usr/bin/passwd
alex ALL=(cbttest:sytgrp) ALL, !PASSWD
alex ALL=(cbttest:sytgrp) !/usr/bin/passwd
alex ALL=(cbttest:sytgrp) ALL, !/usr/bin/pass*
none of the above options worked. Please helpme in restricting the user to execute all like cbttest except passwd
This User Gave Thanks to explorer007 For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello!
Does anyone know if it's possible to restrict access to apache webserver with certificates?
What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page.
I would be very happy if someone knew!
/D (2 Replies)
Discussion started by: Esaia
2 Replies
2. UNIX for Advanced & Expert Users
Hi All!
I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses).
OS : Red hat linux
Thanks!
nua7 (6 Replies)
Discussion started by: nua7
6 Replies
3. UNIX for Advanced & Expert Users
Hi
I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders.
/export/home/kapil/shared,
/export/home/kapil/shared/Folder1
/export/home/kapil/shared/Folder2
These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies
4. Linux
Hi Everybody,
If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies
5. UNIX for Dummies Questions & Answers
Hi All,
How can we restrict a particular user access to a particular shell in solaris 10.
Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies
6. Red Hat
Hi there
I have an application user on my system that wants accesses to these file systems as such:
rwx:
/SAPO
/SAPS12
/R3_888
/R3_888B
/R3_888F
/R3_888R
r:
/usr/sap
these are the existing FS permissions:ownerships:
# ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies
7. Shell Programming and Scripting
Hi,
How to restrict access to a .ksh script in such the way that the users can only execute the script, neither read nor write.
I tried the below code so that my user alone has the rwx and other users can only execute.
chmod 711 sample.ksh
But when I logged in as a different user... (26 Replies)
Discussion started by: machomaddy
26 Replies
8. Solaris
Hi Dears,
I have one requirement like this:
general user A can execute command C with root privilege by sudo configuration
some folders and files are created during the command C execution
user A cannot access those folders and files because the owner is root user, so I want the user A... (0 Replies)
Discussion started by: crest.boy
0 Replies
9. UNIX for Dummies Questions & Answers
I'm trying to use squid to restrict elinks' access to certain websites(only http traffic).
I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :)
---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies
10. Red Hat
Hi,
I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose.
Is it possible to block sudo -i with the help of sudoers file or any other way.
Please advise.
The below... (1 Reply)
Discussion started by: Jartan
1 Replies
LEARN ABOUT XFREE86
slapd-passwd
SLAPD-PASSWD(5) File Formats Manual SLAPD-PASSWD(5)
NAME
slapd-passwd - /etc/passwd backend to slapd
SYNOPSIS
/etc/ldap/slapd.conf
DESCRIPTION
The PASSWD backend to slapd(8) serves up the user account information listed in the system passwd(5) file. This backend is provided for
demonstration purposes only. The DN of each entry is "uid=<username>,<suffix>". Note that non-base searches scan the the entire passwd
file, and are best suited for hosts with small passwd files.
CONFIGURATION
This slapd.conf option applies to the PASSWD backend database. That is, it must follow a "database passwd" line and come before any subse-
quent "backend" or "database" lines. Other database options are described in the slapd.conf(5) manual page.
file <filename>
Specifies an alternate passwd file to use. The default is /etc/passwd.
ACCESS CONTROL
The passwd backend does not honor any of the access control semantics described in slapd.access(5). Only read (=r) access to the entry
pseudo-attribute and to the other attribute values of the entries returned by the search operation is honored, which is performed by the
frontend.
FILES
/etc/ldap/slapd.conf
default slapd configuration file
/etc/passwd
user account information
SEE ALSO
slapd.conf(5), slapd(8), passwd(5).
OpenLDAP 2012/04/23 SLAPD-PASSWD(5)