You shouldn't allow to edit any file at all via sudo. This is what group ownerships are meant for: instead of doing it via sudo you make the file owned by a certain group, grant the group the write-privilege and make any user allowed to edit the file a member of this group.
Now you add any user who should be able to edit the file to the "willedit" group and all others are left out.
The reason why you shouldn't do that via sudo is because most editors allow shell escapes and this is one of the classical ways to circumvent restrictions via sudo: to allow sudo vi /some/file for instance means that the user is allowed to set up the process vi /some/fileas root. Issuing ":!sh" in this vi session now escapes to a normal shell in which the user is now fully root. You don't need any sudo restrictions in place in this case any more.
Hi,
I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password.
Can someone tell me what's wrong with my file?
It's not working when I 'sudo SHUTDOWN' command:
sudo: SHUTDOWN: command not found
Thanks a lot!
# Host alias specification... (4 Replies)
What is the difference between ALL and localhost in the bellow?
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Thank you. (2 Replies)
Dear AIX/UNIX experts:
I have a demand to restricted a file to be copy by others, but this file must can be read by others/Applications.
As I tried, the chmod command cannot fulfill this requirement. But not sure if the ACL can achieve this function or not ?
Could anybody give me your... (8 Replies)
i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password.
my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp.
Thank you.
... (2 Replies)
HI guys i have a question.
Question 1: how do i modify a particular string?
e.g
echo "Please enter Book Title: "
read a
echo "Please enter Author: "
read b
if ]
then echo " Record found!"
which will then pop out a menu with the follow output
1. Update Name
2.... (1 Reply)
How to edit file content at the specific line? For example at below
The things to edit --> This is line 2. And it is below line 1.
This is line 1.
This is line 2. # i want to append some words at this row line. How?
This is line 3. (8 Replies)
Hi All,
I've made a script in order to delete the users. The script is deleting the users and removing its entry from the /etc/sudoers however it is changing the permissions of the /etc/sudoers file to the user from which it is executing the script.
#!/bin/ksh
#set -x
print "The script... (2 Replies)
Hi
using Solaris 10. trying to update /etc/sudoers file
I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message
sudo su -
>>> sudoers file: parse error, line 9 <<<
>>> sudoers file: parse error, line 9 <<<
... (2 Replies)
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies
LEARN ABOUT DEBIAN
viewsudo
VIEW-OS(1) General Commands Manual VIEW-OS(1)NAME
viewsudo - execute a command as another (virtual) user
SYNOPSIS
viewsudo [-g groupname|#gid] [-u username|#uid] command
DESCRIPTION
viewsudo allows a user to execute a command as the superuser or
another user in View-OS.
OPTIONS
viewsudo accepts the following command line options:
-g group
Normally, viewsudo sets the primary group to root. The -g option causes sudo to run the specified command with the primary group set
to group. To specify a gid instead of a group name, use #gid. When running commands as a gid, many shells require that the '#' be
escaped with a backslash ('[u2019]). If no -u option is specified, the command will be run as the invoking user (not root). In
either case, the primary group will be set to group.
-u user
The -u option causes viewsudo to run the specified command as a user other than root. To specify a uid instead of a user name, use
#uid. When running commands as a uid, many shells require that the '#' be escaped with a backslash ('[u2019]).
RETURN VALUES
Upon successful execution of a program, the exit status from viewsudo will simply be the exit status of the program that was executed.
SEE ALSO viewsu(1), sudo(1), linux.defs(5)AUTHORS
View-OS is a project of the Computer Science Department, University of Bologna. Project Leader: Renzo Davoli.
<http://www.sourceforge.net/projects/view-os>
Howto's and further information can be found on the project wiki <wiki.virtualsquare.org>.
NOTE
Most part of the text is taken from sudo(1).
VIEW-OS: a process with a view August 8, 2009 VIEW-OS(1)