Hello all,
I have a script (script.sh) that is owned and executed by root. Now I need to give another user (user1) sudo access to execute that script.
I edited the /etc/sudoers file, and created the following:
My question is: How can I make it so when user1 runs the script, it uses the same environmental variables as root?
I read about this option: Defaults env_keep, but in this case I don't know exactly how many environmental variables I need to keep.
Is there any way that I can keep all the environmental variables of root when user1 uses sudo to execute the script?
Thank you!
how do i go about adding a file to sudo so a user name oracle can run the file???
for some reason my man pages dont have anything for sudo.
files sudoers exist in /etc
can anyone help this is urgent
thank you (1 Reply)
Hi, I was wondering if someone can give me some pointers about configuring SUDO. I am trying to configure SUDO to have about 30 users run about 200 scripts as a different user. I understand that I can create an User_Alias but how do I give that User_Alias rights to run all the scripts in a certain... (5 Replies)
Folks;
I have a sudo question:
- I have a real user named "greg" and another generic user named "devuser" & application that must be run like start/stop as "devuser" user.
Is there a way to:
Have user Greg login into the Solaris 10 box as himself then sudo as "devuser" to be able to... (10 Replies)
Hello, I would like to know what should I put on the sudoers file to block a determined group os using just one specific command as root?
He can do anything, but not execute program X, how can I do this?
Thank you very much. (2 Replies)
Hi,
Is it possible to stop users from copying a login shell, say bash, to another name and then executing it via sudo to gain root priviliges?
Normal users have read access to login shells, so they can copy them without any limitations. How can I stop this?
Thanks (12 Replies)
Hello all,
Anyone fimilar with su -l command?
So when I do su -l <user> any user it doesn't prompt me for password for that user. How I enable sudo to prompt for password whenever su -l command is used.
Please help!
thanks,
-Lalit
:D (7 Replies)
Folks;
I have SUDO configured on my SUSE boxes to allow a specific groups to run specific duties so one group has ALL permission & other group has permission to run a few commands only.
when i look at the sudoer log, i see people login info only,
Is there a way to capture every thing users do... (3 Replies)
Hi All
I want to grant elevated privs to a user that will be running a script as a background task. It will be launched from an ssh session via an embedded command in its key that just allows that account to run that script.
I'm reading up on sudo and notice that -
user ALL=(ALL) ALL
... (2 Replies)
I am running AIX 6.6.5.115 and am experiencing a problem using sudo. I have shell scripts that I created for our HR user and shell scripts that I created for root administrators. I do have a need to embed a sudo command in the user shell script to run one command as root. However the two... (8 Replies)
Discussion started by: RonDeF
8 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)