04-06-2012
Sudo to delegate permission from non-root user to another non-root user
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to give "canar" user root permission in sudoers, see below:
Host_Alias LAB = linuxbox
User_Alias LABTRUSTED = canar
Cmnd_Alias LABADMIN = /bin/bash, /bin/su, /bin
LABTRUSTED LAB=(ALL) NOPASSWD: LABADMIN
And run any command:
canar@linuxbox$ sudo -i -u duck 'id'
But basically, this is a huge security hole since canar can run whatever he wants as anyone (including root)
I want to restrict canar user to be able to login as duck user (or as anyone from a given group) without providing root access
Edit: want to restrict canar user to be able to run an identified command as duck user (or as anyone from a given group) without providing root access
Any help would be welcome!
~canar
10 More Discussions You Might Find Interesting
1. Solaris
Hi
my directory not accepting any commands. its simply telling permission denied. i tried ( cp, mv, rm ) as roor
i want to set default permissons to this DIR
please find the Logs below.
dr-xr-xr-x 1 root root 1 Jun 1 09:04 AP1_ROP ( original dir)
root> chmod 777... (5 Replies)
Discussion started by: vijayq8
5 Replies
2. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
3. Shell Programming and Scripting
I've been bashing my head on the desk for 2 days trying to get this to work, but I've had no luck. I'll try to be as clear as possible in my explanation without dragging out the details. I'm trying to set up a cron job for user "john" which runs a script. This script initiates an ssh connection to... (5 Replies)
Discussion started by: eh3civic
5 Replies
4. Shell Programming and Scripting
Hi,
I have a shell script file which is set to access permission 000. When I login as root (sudo su) and try to run this script, I am getting the Permission denied error. I have read somewhere that root admin user can execute any kind of permission script. Then why this behavior? However, I can... (1 Reply)
Discussion started by: royalibrahim
1 Replies
5. Solaris
hi guys..
how to give root permission for particular user
tel me step by step (2 Replies)
Discussion started by: coolboys
2 Replies
6. UNIX for Advanced & Expert Users
Hi!! one strange problem occurred with my RHEL 5 box.
i'm having logs folder with ownership of non-root user. Created some files with root user under logs folder.
here is the scene:
-rw-r----- 1 root root 1048227 Feb 28 12:34 SystemOut_13.02.28_12.34.10.log
-rw-r----- 1 root root ... (6 Replies)
Discussion started by: sukhdip
6 Replies
7. Shell Programming and Scripting
Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal.
I want to give some users a root level access.
Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way
Regards
ADI (4 Replies)
Discussion started by: adisky123
4 Replies
8. UNIX for Dummies Questions & Answers
Hi All,
I need to give an user sudo ability to root.
We have also generated RSA key but unable to proceed further.
For example after a user logs into the server normally and when he executes below command
$ssh root@server_name
This should take you to root prompt #
Please help me.... (3 Replies)
Discussion started by: Rockyc3400
3 Replies
9. Red Hat
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies
10. Solaris
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT DEBIAN
su-to-root
su-to-root(1) Debian GNU/Linux manual su-to-root(1)
NAME
su-to-root - A simple script to give an `interactive' front-end to su. It can be used in menu entry commands to ask for the root password
SYNOPSIS
su-to-root [-X] [-p <user>] -c <command>
DESCRIPTION
Most menu entries simply start an editor or a game or whatever. But some menu entries would like to give the user the ability to change
important settings in the system, that require root privileges. su-to-root can be used to ask for the root password.
OPTIONS
-c <command>
The command to execute as a string. This option is mandatory.
-p <user>
The name of the user to change to, instead of root.
-X The command is a X11 program that does not require a terminal. This is to be used with menu entries that declare needs="X11".
ENVIRONMENT
SU_TO_ROOT_X
Select the su-like program called by su-to-root -X. Supported values are gksu, kdesu, kde4su, ktsuss,
sux, gksudo and kdesudo. kde4su denotes the KDE4 version of kdesu.
When this variable is not set su-to-root will currently try to use gksu, kdesu, kde4su, ktsuss, sux and the built-in code, in that
order with the exception that under a KDE session, kdesu and kde4su are prefered over gksu.
The exact set of programs to try and their order is subject to change without notice.
SU_TO_ROOT_SU
Select the su-like program used in text mode. Supported values are sudo, sux and su, the later being the default.
FILES
/etc/su-to-rootrc
~/.su-to-rootrc
su-to-root will source these files at startup in this order. This lets you define and modify the environment variables above without
restarting your X session.
COPYING
su-to-root is distributed under the GNU General Public License. (GPL 2.0 or greater).
AUTHORS
Joost Witteveen <joostje@debian.org>
X11 support by Morten Brix Pedersen and Bill Allombert <ballombe@debian.org>
SEE ALSO
update-menus(1), menufile(5), /usr/share/doc/menu/html
Debian Project 20 October 1998 su-to-root(1)