|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
Sudo to delegate permission from non-root user to another non-root user
Post 302619985 by canar on Friday 6th of April 2012 05:03:24 PM
04-06-2012
Sudo to delegate permission from non-root user to another non-root user
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to give "canar" user root permission in sudoers, see below:
Host_Alias LAB = linuxbox
User_Alias LABTRUSTED = canar
Cmnd_Alias LABADMIN = /bin/bash, /bin/su, /bin
LABTRUSTED LAB=(ALL) NOPASSWD: LABADMIN
And run any command:
canar@linuxbox$ sudo -i -u duck 'id'
But basically, this is a huge security hole since canar can run whatever he wants as anyone (including root)
I want to restrict canar user to be able to login as duck user (or as anyone from a given group) without providing root access
Edit: want to restrict canar user to be able to run an identified command as duck user (or as anyone from a given group) without providing root access
Any help would be welcome!
~canar
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to give "canar" user root permission in sudoers, see below:
Host_Alias LAB = linuxbox
User_Alias LABTRUSTED = canar
Cmnd_Alias LABADMIN = /bin/bash, /bin/su, /bin
LABTRUSTED LAB=(ALL) NOPASSWD: LABADMIN
And run any command:
canar@linuxbox$ sudo -i -u duck 'id'
But basically, this is a huge security hole since canar can run whatever he wants as anyone (including root)
I want to restrict canar user to be able to login as duck user (or as anyone from a given group) without providing root access
Edit: want to restrict canar user to be able to run an identified command as duck user (or as anyone from a given group) without providing root access
Any help would be welcome!
~canar
|
|
10 More Discussions You Might Find Interesting
1. Solaris
Hi
my directory not accepting any commands. its simply telling permission denied. i tried ( cp, mv, rm ) as roor
i want to set default permissons to this DIR
please find the Logs below.
dr-xr-xr-x 1 root root 1 Jun 1 09:04 AP1_ROP ( original dir)
root> chmod 777... (5 Replies)
Discussion started by: vijayq8
5 Replies
2. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
3. Shell Programming and Scripting
I've been bashing my head on the desk for 2 days trying to get this to work, but I've had no luck. I'll try to be as clear as possible in my explanation without dragging out the details. I'm trying to set up a cron job for user "john" which runs a script. This script initiates an ssh connection to... (5 Replies)
Discussion started by: eh3civic
5 Replies
4. Shell Programming and Scripting
Hi,
I have a shell script file which is set to access permission 000. When I login as root (sudo su) and try to run this script, I am getting the Permission denied error. I have read somewhere that root admin user can execute any kind of permission script. Then why this behavior? However, I can... (1 Reply)
Discussion started by: royalibrahim
1 Replies
5. Solaris
hi guys..
how to give root permission for particular user
tel me step by step (2 Replies)
Discussion started by: coolboys
2 Replies
6. UNIX for Advanced & Expert Users
Hi!! one strange problem occurred with my RHEL 5 box.
i'm having logs folder with ownership of non-root user. Created some files with root user under logs folder.
here is the scene:
-rw-r----- 1 root root 1048227 Feb 28 12:34 SystemOut_13.02.28_12.34.10.log
-rw-r----- 1 root root ... (6 Replies)
Discussion started by: sukhdip
6 Replies
7. Shell Programming and Scripting
Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal.
I want to give some users a root level access.
Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way
Regards
ADI (4 Replies)
Discussion started by: adisky123
4 Replies
8. UNIX for Dummies Questions & Answers
Hi All,
I need to give an user sudo ability to root.
We have also generated RSA key but unable to proceed further.
For example after a user logs into the server normally and when he executes below command
$ssh root@server_name
This should take you to root prompt #
Please help me.... (3 Replies)
Discussion started by: Rockyc3400
3 Replies
9. Red Hat
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies
10. Solaris
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT DEBIAN
fntsample
fntsample(1) General Commands Manual fntsample(1) NAME
fntsample - PDF and PostScript font samples generator SYNOPSIS
fntsample [ OPTIONS ] -f FONT-FILE -o OUTPUT-FILE fntsample -h DESCRIPTION
fntsample program can be used to generate font samples that show Unicode coverage of the font and are similar in appearance to Unicode charts. Samples can be saved into PDF (default) or PostScript file. OPTIONS
fntsample supports the following options. --font-file, -f FONT-FILE Make samples of FONT-FILE. --font-index, -n IDX Font index for FONT-FILE specified using --font-file option. Useful for files that contain multiple fonts, like TrueType Collec- tions (.ttc). By default font with index 0 is used. --output-file, -o OUTPUT-FILE Write output to OUTPUT-FILE. --other-font-file, -d OTHER-FONT Compare FONT-FILE with OTHER-FONT. Glyphs added to FONT-FILE will be highlighted. --other-index, -m IDX Font index for OTHER-FONT specified using --other-font-file option. --postscript-output, -s Use PostScript format for output instead of PDF. --svg, -g Use SVG format for output. The generated document contains one page. Use range selection options to specify which. --print-outline, -l Print document outlines data to standard output. This data can be used to add outlines (aka bookmarks) to resulting PDF file with pdfoutline program. --include-range, -i RANGE Show characters in RANGE. --exclude-range, -x RANGE Do not show characters in RANGE. --style, -t "STYLE: VAL" Set STYLE to value VAL. Run fntsample with option --help to see list of styles and default values. --help, -h Display help text and exit. Parameter RANGE for -i and -x can be given as one integer or a pair of integers delimited by minus sign (-). Integers can be specified in decimal, hexadecimal (0x...) or octal (0...) format. One integer of a pair can be missing (-N can be used to specify all characters with codes less or equal to N, and N- for all characters with codes greather or equal to N). Multiple -i and -x options can be used. EXAMPLES
Make PDF samples for font.ttf and write them to file samples.pdf: fntsample -f font.ttf -o samples.pdf Make PDF samples for font.ttf, compare it with oldfont.ttf and highlight new glyphs. Write output to file samples.pdf: fntsample -f font.ttf -d oldfont.ttf -o samples.pdf Make PostScript samples for font.ttf and write output to file samples.ps. Show only glyphs for characters with codes less or equal to U+04FF but exclude U+0370-U+03FF: fntsample -f font.ttf -s -o samples.ps -i -0x04FF -x 0x0370-0x03FF Make PDF samples for font.ttf and save output to file samples.pdf adding outlines to it: fntsample -f font.ttf -o temp.pdf -l > outlines.txt pdfoutline temp.pdf outlines.txt samples.pdf AUTHOR
Copyright (C) 2007 Eugeniy Meshcheryakov <eugen@debian.org> Homepage: <http://fntsample.sourceforge.net/> SEE ALSO
pdfoutline(1) 2010-10-14 fntsample(1)