Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restrict SUDO Access
Operating Systems Linux Ubuntu Restrict SUDO Access Post 302602335 by daWonderer on Tuesday 28th of February 2012 02:56:15 AM
Old 02-28-2012
Quote:
Originally Posted by admin_xor
Also, make sure that you are using visudo to edit /etc/sudoers file as it will show you syntax error.
I started 'visudo' first time after reading this thread and read it.
To apply the includedir directive I've uncommented the last line.

what a surprise - 'visudo' tells me there is a syntax error in this line! How to enable the includes?

---------- Post updated 28-02-12 at 08:56 AM ---------- Previous update was 27-02-12 at 11:07 AM ----------

Quote:
Originally Posted by spynappels
The simplest way is to make them log in as a user which does not have SUDO access.
I think additionally it's good to deny execution of 'su'.

Quote:
Originally Posted by admin_xor
By the way, allowing all commands and restricting only passwd does not even get closer to secure your cbttest account. For an example, user can run "sudo -u cbttest vi" and then in vi, they can press ESC and execute "!/bin/sh" to get a shell which will run with cbttest's privileges.
do you know of a list containing all usual commands installed with unix providing something like this (to block execution)?
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache restrict access with certificates

Hello! Does anyone know if it's possible to restrict access to apache webserver with certificates? What I want is that if a user has a certificate in his browser then he get's access, if not show error or another page. I would be very happy if someone knew! /D (2 Replies)
Discussion started by: Esaia
2 Replies

2. UNIX for Advanced & Expert Users

Restrict access to specific users.

Hi All! I would like to know if there is any specific way by which I can restrict access to apecific users (ip addresses). OS : Red hat linux Thanks! nua7 (6 Replies)
Discussion started by: nua7
6 Replies

3. UNIX for Advanced & Expert Users

Restrict Access to the folder

Hi I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders. /export/home/kapil/shared, /export/home/kapil/shared/Folder1 /export/home/kapil/shared/Folder2 These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies

4. Linux

Restrict NFS access to root

Hi Everybody, If there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able... (4 Replies)
Discussion started by: sudhirav
4 Replies

5. UNIX for Dummies Questions & Answers

Restrict user access.

Hi All, How can we restrict a particular user access to a particular shell in solaris 10. Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies

6. Red Hat

Restrict user access

Hi there I have an application user on my system that wants accesses to these file systems as such: rwx: /SAPO /SAPS12 /R3_888 /R3_888B /R3_888F /R3_888R r: /usr/sap these are the existing FS permissions:ownerships: # ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies

7. Shell Programming and Scripting

Restrict access to .ksh scripts

Hi, How to restrict access to a .ksh script in such the way that the users can only execute the script, neither read nor write. I tried the below code so that my user alone has the rwx and other users can only execute. chmod 711 sample.ksh But when I logged in as a different user... (26 Replies)
Discussion started by: machomaddy
26 Replies

8. Solaris

restrict sudo and chown in specified directory

Hi Dears, I have one requirement like this: general user A can execute command C with root privilege by sudo configuration some folders and files are created during the command C execution user A cannot access those folders and files because the owner is root user, so I want the user A... (0 Replies)
Discussion started by: crest.boy
0 Replies

9. UNIX for Dummies Questions & Answers

Restrict access

I'm trying to use squid to restrict elinks' access to certain websites(only http traffic). I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :) ---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies

10. Red Hat

Restrict sudo -i

Hi, I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose. Is it possible to block sudo -i with the help of sudoers file or any other way. Please advise. The below... (1 Reply)
Discussion started by: Jartan
1 Replies

LEARN ABOUT CENTOS

shell-quote

SHELL-QUOTE(1)						User Contributed Perl Documentation					    SHELL-QUOTE(1)

NAME

       shell-quote - quote arguments for safe use, unmodified in a shell command

SYNOPSIS

       shell-quote [switch]... arg...

DESCRIPTION

       shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell.  This lets you process commands
       or files with embedded white space or shell globbing characters safely.	Here are a few examples.

EXAMPLES

       ssh preserving args
	   When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives.  It just joins them with spaces and
	   passes them to "$SHELL -c".	This doesn't work as intended:

	       ssh host touch 'hi there'	   # fails

	   It creates 2 files, hi and there.  Instead, do this:

	       cmd=`shell-quote touch 'hi there'`
	       ssh host "$cmd"

	   This gives you just 1 file, hi there.

       process find output
	   It's not ordinarily possible to process an arbitrary list of files output by find with a shell script.  Anything you put in $IFS to
	   split up the output could legitimately be in a file's name.	Here's how you can do it using shell-quote:

	       eval set -- `find -type f -print0 | xargs -0 shell-quote --`

       debug shell scripts
	   shell-quote is better than echo for debugging shell scripts.

	       debug() {
		   [ -z "$debug" ] || shell-quote "debug:" "$@"
	       }

	   With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.

       save a command for later
	   shell-quote can be used to build up a shell command to run later.  Say you want the user to be able to give you switches for a command
	   you're going to run.  If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
	   things the user can't pass through), you can do something like this:

	       user_switches=
	       while [ $# != 0 ]
	       do
		   case x$1 in
		       x--pass-through)
			   [ $# -gt 1 ] || die "need an argument for $1"
			   user_switches="$user_switches "`shell-quote -- "$2"`
			   shift;;
		       # process other switches
		   esac
		   shift
	       done
	       # later
	       eval "shell-quote some-command $user_switches my args"

OPTIONS

       --debug
	   Turn debugging on.

       --help
	   Show the usage message and die.

       --version
	   Show the version number and exit.

AVAILABILITY

       The code is licensed under the GNU GPL.	Check http://www.argon.org/~roderick/ or CPAN for updated versions.

AUTHOR

       Roderick Schertler <roderick@argon.org>

perl v5.16.3							    2010-06-11							    SHELL-QUOTE(1)
All times are GMT -4. The time now is 06:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy