|
|
Sponsored Content
Top Forums
Shell Programming and Scripting
Script to give a user sudo permissions
Post 302823313 by Revanth547 on Wednesday 19th of June 2013 06:24:51 AM
06-19-2013
|
|
10 More Discussions You Might Find Interesting
1. HP-UX
Hi,
I am a Unix Admin. I have to give the permissions to a user for creating new file in a directory in HP-Ux 11.11 system since he cannot able to create a new file in the directory.
Thanks in advance.
Mike (3 Replies)
Discussion started by: Mike1234
3 Replies
2. UNIX for Dummies Questions & Answers
Say I want to give someone access to /example/directory/* where * equals all the sub directories inside of /example/directory
I tried doing something like
joe DEV1=(ROOT) /example/directory/
But that doesn't seem to want to work. If I give him the full subdirectory... (3 Replies)
Discussion started by: LordJezo
3 Replies
3. Shell Programming and Scripting
Hi all,
I have a shell script that i started editing, only in the midst of which i tried to save the changes i found that the file wasnt been provided with write/execute permissions.
I later have redone the changes and saved the file-
Just curious to know if there was any command wherein... (5 Replies)
Discussion started by: Pankajakshan
5 Replies
4. UNIX for Dummies Questions & Answers
Does anyone know if this is possible?
I want to give some users access to root's crontab but only with a read privilege.
Is this possible to do or can only root or people with full root sudo view root's cron? (4 Replies)
Discussion started by: LordJezoX
4 Replies
5. Shell Programming and Scripting
Normally i would google, but I did not know how to google the problem I am facing now also being a newbie in shell scripting.
Okay, the requirement is
user1 has sudo rule to su - user2(NO PASSWORD) and user2 has will be able to sudo certain commands
so following works fine from command prompt... (2 Replies)
Discussion started by: beEnthu
2 Replies
6. Shell Programming and Scripting
Hello all,
I have created a script that will remove the first two lines of one text file (body.txt) and then add the text from a different text file (header.txt) directly to the beginning of the freshly modified body.txt file. It is as follows:
#!/bin/bash
## This script will add a header... (2 Replies)
Discussion started by: marcozd
2 Replies
7. Solaris
Hi all,
In Solaris , What entry should I add in my .profile file in home directory so that every time I don't have to give
Sudo's full path like
/usr/local/bin/sudo as well as /usr/sbin/ping
and it will be Great help if you could tell me how to know what should be added.
Please Advice.... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
8. Solaris
Hi,
I am using solaris 10. Requirement is I need to give sudo access to the normal id's to the application userid.
Example:I have an personal id calle "rzynv5" on the solaris server.I have an application id called "gmdidp".Requirement here is when user logged in as rzynv5 next thing he... (4 Replies)
Discussion started by: muraliinfy04
4 Replies
9. UNIX for Dummies Questions & Answers
Please help me to understand the issue:
Issue: There are shell scripts in a user home directory (/home/user_1)
without execute permissions (rw-r--r--) to owner,group and world
These shell scripts were able to execute/work previously but its not working now and it says permission denied or... (2 Replies)
Discussion started by: MSK_1990
2 Replies
10. UNIX for Beginners Questions & Answers
i want to give users the ability to create write and read files in other user directory , but not to have option to delete the file after created ( sticky bit not going to work here ... ) for example :
i have user : manager with directory repository
i have user : worker1 that need to write... (4 Replies)
Discussion started by: umen
4 Replies
LEARN ABOUT CENTOS
sssd-sudo
SSSD-SUDO(5) File Formats and Conventions SSSD-SUDO(5) NAME
sssd-sudo - Configuring sudo with the SSSD back end DESCRIPTION
This manual page describes how to configure sudo(8) to work with sssd(8) and how SSSD caches sudo rules. CONFIGURING SUDO TO COOPERATE WITH SSSD
To enable SSSD as a source for sudo rules, add sss to the sudoers entry in nsswitch.conf(5). For example, to configure sudo to first lookup rules in the standard sudoers(5) file (which should contain rules that apply to local users) and then in SSSD, the nsswitch.conf file should contain the following line: sudoers: files sss More information about configuring the sudoers search order from the nsswitch.conf file as well as information about the LDAP schema that is used to store sudo rules in the directory can be found in sudoers.ldap(5). Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname(1) to your NIS domain name (which equals to IPA domain name when using hostgroups). CONFIGURING SSSD TO FETCH SUDO RULES
All configuration that is needed on SSSD side is to extend the list of services with "sudo" in [sssd] section of sssd.conf(5). To speed up the LDAP lookups, you can also set search base for sudo rules using ldap_sudo_search_base option. The following example shows how to configure SSSD to download sudo rules from an LDAP server. [sssd] config_file_version = 2 services = nss, pam, sudo domains = EXAMPLE [domain/EXAMPLE] id_provider = ldap sudo_provider = ldap ldap_uri = ldap://example.com ldap_sudo_search_base = ou=sudoers,dc=example,dc=com When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured to use the compat tree (ou=sudoers,$DC). THE SUDO RULE CACHING MECHANISM
The biggest challenge, when developing sudo support in SSSD, was to ensure that running sudo with SSSD as the data source provides the same user experience and is as fast as sudo but keeps providing the most current set of rules as possible. To satisfy these requirements, SSSD uses three kinds of updates. They are referred to as full refresh, smart refresh and rules refresh. The smart refresh periodically downloads rules that are new or were modified after the last update. Its primary goal is to keep the database growing by fetching only small increments that do not generate large amounts of network traffic. The full refresh simply deletes all sudo rules stored in the cache and replaces them with all rules that are stored on the server. This is used to keep the cache consistent by removing every rule which was deleted from the server. However, full refresh may produce a lot of traffic and thus it should be run only occasionally depending on the size and stability of the sudo rules. The rules refresh ensures that we do not grant the user more permission than defined. It is triggered each time the user runs sudo. Rules refresh will find all rules that apply to this user, check their expiration time and redownload them if expired. In the case that any of these rules are missing on the server, the SSSD will do an out of band full refresh because more rules (that apply to other users) may have been deleted. If enabled, SSSD will store only rules that can be applied to this machine. This means rules that contain one of the following values in sudoHost attribute: o keyword ALL o wildcard o netgroup (in the form "+netgroup") o hostname or fully qualified domain name of this machine o one of the IP addresses of this machine o one of the IP addresses of the network (in the form "address/mask") There are many configuration options that can be used to adjust the behavior. Please refer to "ldap_sudo_*" in sssd-ldap(5) and "sudo_*" in sssd.conf(5). SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8). AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd SSSD
06/17/2014 SSSD-SUDO(5)