sudo: blocking specific commands Post: 302606170

Sponsored Content

Top Forums UNIX for Advanced & Expert Users sudo: blocking specific commands Post 302606170 by admin_xor on Friday 9th of March 2012 06:02:10 PM

03-09-2012

Registered User

Quote:

Originally Posted by Corona688

For that matter, they could always try the sledgehammer approach:

Code:

sudo cp /bin/sh /usr/bin/freakazoid ; sudo /usr/bin/freakazoid

..and if you can't let them have cp, what can they have?

You're still stuck trying to stop root from being root.

Are you sure this is working for you with a user which has /etc/sudoers entry similar to what you posted?

Because, it does not work for me (which is a good sign) with the similar setup:

Code:

[testuser@blue testuser]$ sudo cp /bin/sh /usr/bin/blahblah
[sudo] password for testuser:
Sorry, user testuser is not allowed to execute '/bin/cp /bin/sh /usr/bin/blahblah' as root on blue.
[testuser@blue testuser]$

Although my knowledge is limited to AIX, Solaris and Linux, I have seen vi to appear in /usr/bin as well in some systems. That's the reason I was concerned and felt obligated to inform the OP about this.

admin_xor

View Public Profile for admin_xor

Find all posts by admin_xor

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Logging all commands after a sudo su-

Hi there, It might seem tricky, I confess. We use sudo to allow people to initiate priviledged commands (but not all commands) on our Unix systems. To by pass this, some people initiate the sudo su - command ; The main issue is to 'know' what those people do when they gain root access....

2. Shell Programming and Scripting

blocking the commands result

swremove productname gives an output screen which has to be blocked... how can i do that?... can anyone please help???

3. AIX

Add sudo executable commands

Guy's I have sudo already installed in AIX , just I want to know how can I add for example the following commands to be executed by sudo by (appuser).. shutdown /usr/startapp.sh /usr/stopapp.sh

4. UNIX for Advanced & Expert Users

allow user to use sudo cp on a specific directory and only a specific file

Is there a way to allow a user to use sudo cp on a specific directory and only a specific file?

5. UNIX for Dummies Questions & Answers

sudo commands list

Hi, Can you please give me a list of commands executed through 'sudo' command, thank you.

6. Programming

Using Commands over SSH using Sudo

Is there a way to transfer my sudo password via ssh so that I can copy files remotely and pass them locally, so: cat sudo-passwd-file|ssh -t user@10.7.0.180 'sudo find / -depth|cpio -oacv|gzip' > /path/to/dir/file.cpio.gz I am in the process of a creating a script. Everytime I try and just...

7. UNIX for Advanced & Expert Users

Blocking particular website for specific thinclients on Ubuntu

We have server which is connected with more than 10 thin client machine. I have tried to block the websites ( facebook, orkut,twitter ) for all the users. it works fine for me. But , I want to block for particular user ( thinclient ) or by the way of IP address of machine. How can I do that.

8. Shell Programming and Scripting

How to run sudo commands under a script?

Hi, I am new to scripting. I am trying to write a script to ssh one remote machine and run a sudo command. ssh <hostname> sudo -S <command> < ~/pass.txt I am stored my password in pass.txt. I am getting error sudo: no tty present and no askpass program specified Please suggest me how can...

9. Shell Programming and Scripting

Ssh not supporting sudo and sqlplus commands

Hi Guys , I was facing an issue some thing like , I have to connect remote machine and should execute few commands over there , I am able to run some simple commands , but below commands are throws error like not found. eg : sudo su - username and sqlplus user/pwd@db , srvrmgr commands etc ...

10. Ubuntu

Sudo commands without puting in .bashrc

dear all, When I start my laptop, I need to run one command /etc/init.open-afs start and it require sudo privilege. The only solution which occur to me is to put this command in .bashrc. But then the trouble comes as everytime I open any new tab it ask for the sudo password, which is pretty...

LEARN ABOUT SUNOS

shells

shells(4)							   File Formats 							 shells(4)

NAME

       shells - shell database

SYNOPSIS

       /etc/shells

DESCRIPTION

       The shells file contains a list of the shells on the system. Applications use this file to determine whether a shell is valid. See getuser-
       shell(3C). For each shell a single line should be present, consisting of the shell's path, relative to root.

       A hash mark (#) indicates the beginning of a comment; subsequent characters up to the end of the line are not interpreted by  the  routines
       which search the file. Blank lines are also ignored.

       The  following  default	shells are used by utilities: /bin/bash, /bin/csh, /bin/jsh, /bin/ksh, /bin/pfcsh, /bin/pfksh, /bin/pfsh, /bin/sh,
       /bin/tcsh,  /bin/zsh,  /sbin/jsh,  /sbin/sh,  /usr/bin/bash,  /usr/bin/csh,  /usr/bin/jsh,  /usr/bin/ksh,  /usr/bin/pfcsh,  /usr/bin/pfksh,
       /usr/bin/pfsh, and /usr/bin/sh, /usr/bin/tcsh, /usr/bin/zsh. Note that /etc/shells overrides the default list.

       Invalid shells in /etc/shells may cause unexpected behavior (such as being unable to log in by way of ftp(1)).

FILES

       /etc/shells	       lists shells on system

SEE ALSO

       vipw(1B), ftpd(1M), sendmail(1M), getusershell(3C), aliases(4)

SunOS 5.10							    4 Jun 2001								 shells(4)

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Logging all commands after a sudo su-

Discussion started by: linuxmtl

2. Shell Programming and Scripting

blocking the commands result

Discussion started by: rag84dec

3. AIX

Add sudo executable commands

Discussion started by: ITHelper

4. UNIX for Advanced & Expert Users

allow user to use sudo cp on a specific directory and only a specific file

Discussion started by: cokedude