Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict SUDO Access
Operating Systems Linux Ubuntu Restrict SUDO Access Post 302602005 by explorer007 on Saturday 25th of February 2012 01:29:36 PM
Old 02-25-2012
Admin: Here is the test case that I went through
My Sudoers File

Code:
# User privilege specification
root    ALL=(ALL:ALL) ALL

alex    ALL=(cbttest:sytgrp) ALL, !/bin/echo


[alex@ubuntu] "/home/alex/Desktop"
$ whoami
alex
[alex@ubuntu] "/home/alex/Desktop"
$ sudo -H -u cbttest -i
[sudo] password for alex: *******
[cbttest@ubuntu] "/home/cbttest"
$ whoami
cbttest
[cbttest@ubuntu] "/home/cbttest"
$ export DT=ABC
[cbttest@ubuntu] "/home/cbttest"
$ echo $DT
ABC
[cbttest@ubuntu] "/home/cbttest"
$ which echo
/bin/echo

Last edited by Scott; 02-25-2012 at 03:24 PM.. Reason: Please use code tags
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache restrict access with certificates

Hello! Does anyone know if it's possible to restrict access to apache webserver with certificates? What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page. I would be very happy if someone knew! /D (2 Replies)
Discussion started by: Esaia
2 Replies

2. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

3. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

4. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

5. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

6. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

7. Shell Programming and Scripting

Restrict access to .ksh scripts

Hi, How to restrict access to a .ksh script in such the way that the users can only execute the script, neither read nor write. I tried the below code so that my user alone has the rwx and other users can only execute. chmod 711 sample.ksh But when I logged in as a different user... (26 Replies)
Discussion started by: machomaddy
26 Replies

8. Solaris

restrict sudo and chown in specified directory

Hi Dears, I have one requirement like this: general user A can execute command C with root privilege by sudo configuration some folders and files are created during the command C execution user A cannot access those folders and files because the owner is root user, so I want the user A... (0 Replies)
Discussion started by: crest.boy
0 Replies

9. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

10. Red Hat

Restrict sudo -i

Hi, I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose. Is it possible to block sudo -i with the help of sudoers file or any other way. Please advise. The below... (1 Reply)
Discussion started by: Jartan
1 Replies

LEARN ABOUT OSF1

alex

alex(1) 						      General Commands Manual							   alex(1)

NAME

       alex - extract addresses from message headers (only available within the message handling system, mh)

SYNOPSIS

       alex [+folder] [msgs] [options]

OPTIONS

       Accepts an address that you type in, rather than taking an address from a message. If any -field option is specified, it is ignored.  Spec-
       ifies the name of the alias file, in which aliases are placed. You must provide a file name or a dash (-) as an argument with this  option.
       There  is  no  default  value.  If the value given for this option is -, or the option is not specified, alex will print the output to your
       screen.	If you do not give the full pathname of your alias file, alex will look for the alias file in your Mail directory, as specified in
       the  Path  field  of  your file. If alex cannot locate the alias file in the directory that you specify, it will ask you whether or not you
       wish to create one.

	      You can set up an alias file to be used by alex in your mh_profile(4) for more information.  Like other mail commands, alex uses the
	      Aliasfile  entry to find the alias file.	Prevents any repetition of the same address in the output of an alex command.  You can use
	      this option when there are multiple  occurrences of an address in an address group and you want just one	occurrence of it  in  your
	      alias.  The default is -nocompress.  Specifies the name of a header field. The name of the field is not case-sensitive. If you spec-
	      ify this option without providing an argument, the default values are: -field reply-to/sender/from/to.  You  can	set  up  your  own
	      default values for the -field option in your mh_profile(4).

	      Examples	of field names are From, cc and To. You must not type a colon after the name of a field.  When more field names follow, in
	      the form /name, the message header is searched for each of the fields in turn until one is found. Only the first header field  found
	      to contain an address is used; the rest are ignored.

	      The option -nofield excludes the named field.

	      The  special name, all, means all fields, and can be used as a value for the -nofield option to override any default order of header
	      fields, otherwise -field values are appended to any default values.  Specifies that any  address	replacements  or  appendings  will
	      apply  to  all  occurrences  of that alias name. Normally, if an alias name is entered in the alias file more than once, any actions
	      performed by alex are performed only on the first occurrence of that alias name.	The -global option ensures that  any  changes  are
	      made  to all occurrences of the alias. Whenever this option is specified, a message is broadcast to your screen telling you how many
	      entries in the alias file have been changed.  Prints a list of the valid options for this command.  Specifies  the  alias  name  for
	      address  information  extracted.	The alex command appends a colon (:) to the name as required by mh-alias(4). If you do not specify
	      this option,alex will print extracted addresses to your screen.  If you specify this option, you must provide an argument; there	is
	      no  default value.  Extracts addresses interactively. Before adding each address of a list of extracted addresses to an alias group,
	      the mail system will ask you whether you wish the address to be added. The query prompt is written on the standard error output. The
	      default  is  -noquery.   Replaces  existing alias with the new list of addresses. By default, if there is an existing alias with the
	      same name as the one you are trying to create, alex appends the new address list to the old alias. If an	address  appears  in  both
	      address groups, it is still appended, so that it appears twice in the new alias. You can specify this explicitly by using the -nore-
	      place option. If you specify the -replace option, the new list of addresses replaces the existing group.	The default is -noreplace.
	      Specifies the maximum width of your alias file line. If an alias group extends beyond this length, it is continued on the next line,
	      with a backslash () at end of the first line. Any X.400 addresses which are longer than the maximum line length specified  by  this
	      option are automatically wrapped onto the next line. This option affects the format of each individual entry when it is implemented;
	      any subsequent or previous entries in the alias file remain the same. The default is 72 characters.

DESCRIPTION

       The address line extraction utility alex extracts electronic mail addresses from message headers and prints the addresses on your screen or
       places them, with a  specified alias name, in an alias file.

       By  default,  alex  searches for addresses in the current message  in the current folder. You can list the messages you wish alex to search
       giving a msgs argument.	You can also search messages in a different folder by giving a +folder argument.

       You define the fields from which you want addresses by using combinations of field names with the -field option. You  can  also	supply	an
       address	yourself  as  a value to the -address option. Results are printed either to your screen or to a file in mh-alias(4) format.  Where
       there is an address group in the alias file with an alias name identical to one you have specified in an alex command, it may  be  replaced
       or the new addresses appended.  A copy of the original alias file is kept.

       By  default, alex searches the Reply-to:, Sender:, From: and To: header fields in that order until an address is found. You can set up your
       own default values for alex in your file; see mh_profile(4).

       When giving options to the alex command, generally the shortest unique abbreviation suffices.

RESTRICTIONS

       Because the -nofield option can take the value all as an argument, alex will not recognize a header field called All.  If you wish  to  use
       such a header field, you should call it X-all.

       If  a command line contains contradictory arguments then the last value specified is used. For example, in the following command, alex only
       uses the options -name fred and -noreplace: % alex -name sam -name fred -replace -noreplace

EXAMPLES

       This example takes the address from the From field of the current message, and places it in your alias file with the alias name bob: % alex
       -field  from  -alias  aliases  -name bob The following example shows what happens if you specify an alias file that does not exist. You are
       asked whether you want to create the file; enter y to  create  it:  %  alex  -field  from  -name  bob  -alias  aliases  Create  alias  file
       "HOME/Mail/aliases"? y The next example takes addresses from two fields, From and cc, and saves them as the alias sales_team: % alex -field
       from -field cc -alias aliases -name sales_team

FILES

       Your user profile.

SEE ALSO

       ali(1), mh(1), pick(1), mh-alias(4), mh_profile(4)

																	   alex(1)
All times are GMT -4. The time now is 08:19 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy