Sudoers in complex scenario Post: 302844195

Sponsored Content

Top Forums UNIX for Advanced & Expert Users Sudoers in complex scenario Post 302844195 by cwiggler on Saturday 17th of August 2013 03:27:45 AM

08-17-2013

Registered User

Hi in2nix4life, thanks a lot for the very good example on how to achieve my goal.

I have few question that I would like to ask, would it be possible if I don't create a group but instead use the User_Alias and add users into it?

I also want the users to only execute the command in 3 servers. I do have 20 servers at all and the sudoers file is being distributed to all. How would I achieve that? would it be possible to use Host_Alias?

Would this work?

Code:

User_Alias WWWADMINS = user1, user2, user3
Host_Alias SERVERS = server1, server2, server3

WWWADMINS SERVERS=(apache_admin) /usr/sbin/apachectl
WWWADMINS SERVERS=(apache_admin) NOPASSWD: /usr/sbin/apachectl

Quote:

Originally Posted by in2nix4life

This may help point you in the right direction:

Code:

Create a group for these users and add them to it:
i.e.
wwwadmins = user1,user2,user3

In the /etc/sudoers file add the following entries.

Give the group permissions to run commands as specific users (using apache
as an example):

Require Password
%wwwadmins ALL=(apache_admin) /usr/sbin/apachectl

Password-less
%wwwadmins ALL=(www_admin) NOPASSWD: /usr/sbin/apachectl

Save the file. 

To verify run:

sudo -l
User user1 may run the following commands on this host:
    (apache_admin) /usr/sbin/apachectl

Then to run the command:

sudo -u apache_admin /usr/sbin/apachectl

Hope this helps.

cwiggler

View Public Profile for cwiggler

Find all posts by cwiggler

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Weird scenario with Awk

Guys, this one is rather odd. I've got an array of numbers, and I'm trying to select only the records with the string "Random" in the 4th column. I'm using awk in this format: awk '{ if (( $6 -eq Random )) print $0 }' For some odd reason, this is simply giving me the list of all the entries...

2. Ubuntu

ftp gateway scenario

I currently have Win 2003 setup with a server residing in the DMZ as a gateway forwarding ftp traffic via port 44000 to the ftp server behind the firewall. I want to setup the same with RedHat Linux. Need information on what software module would duplicate the above, and pass all ftp/sftp/ssl...

3. Shell Programming and Scripting

file sending scenario

hi all i have a view in the database with columns prod_no,prod_nm, prod_code using a shell script i should query this view and dump the data in a delimited flat file and send to another ftp server.... i also have to schedule this periodically using cron tab. can you...

4. Shell Programming and Scripting

SFTP scenario

#!/usr/bin/ksh Archive_Dir='/apps/SrcFiles/MTCHG_GFTS/BRGR/Archive' Source_Dir='/apps/SrcFiles/MTCHG_GFTS/BRGR' cd $Source_Dir HOST='xyz.abc.com' USER='abcOUT' PSW='xyzOUT' file="Request*.pgp" for i in 1 2 3 4 5 6 do sftp $USER@$HOST <<END_SCRIPT $PSW bin if ] ; then ...

5. Shell Programming and Scripting

How to use IFS in this scenario?

Given the scenario like this, if at all if have to use IFS on the below given example, how it should be used. IFS=/ eg: /xyz/123/348/file1 I want to use the last slash /file1 . So can anyone, suggest me how to pick the last "/" as a IFS.

6. Shell Programming and Scripting

How to Script This Scenario

hi all, i have to schedule an email containing the information about some orphan connections existing on the server depending upon the system date. the format of the info to be sent in email is : Process id username servername time when connection...

7. Shell Programming and Scripting

How to implement scenario?

hi, i am having three files which is having following data file1: field1 field2 field3 1 A B 2 C D 3 E F file2: 4 G H 1 I J 5 K L file3: 4 M N

8. Shell Programming and Scripting

Challenging scenario

Hi, My input file contains 1,2 2,4 3,6 4,9 9,10 My expected output is 1,10 2,10 3,6 4,1 9,10

9. Emergency UNIX and Linux Support

Help in below scenario

Hi, my file has the data like below: 11,231,ABCVAV 22,AAHJHAj22,hdsjkhdls 22,dhskjhdkshd 22,gdgkdkadh 11,232,dgsjgdjh 22,ghdskahdkja 22,shdkajshs 11,233,ddjs 22,dhjkahkd 22,hsajhaah 11,231,sjkjsjj 22,ahkh 22,hsakh From the above i need only the records which starts as 11,231...

10. Shell Programming and Scripting

Logic help with Scenario

Hello Folks I am looking for logic help for below scenerio with respect to AIX n unix script 1) We need to get the date of all the saturday in yr 2) L_o left over days is weeks left over days for previous month for eg. first sat of feb is 4th of feb in that week we have 29 - 30 - 31 from Jan...

LEARN ABOUT REDHAT

apachectl

apachectl(1)						      General Commands Manual						      apachectl(1)

NAME

       apachectl - Apache HTTP server control interface

SYNOPSIS

       apachectl command [...]

DESCRIPTION

       apachectl  is  a  front	end to the Apache HyperText Transfer Protocol (HTTP) server.  It is designed to help the administrator control the
       functioning of the Apache httpd daemon.

       NOTE: If your Apache installation uses non-standard paths, you will need to edit the apachectl script to set the appropriate paths to  your
       PID file and your httpd binary.	See the comments in the script for details.

       The apachectl script returns a 0 exit value on success, and >0 if an error occurs.  For more details, view the comments in the script.

       Full documentation for Apache is available at http://httpd.apache.org/

OPTIONS

       The command can be any one or more of the following options:

       start	   Start the Apache daemon.  Gives an error if it is already running.

       stop	   Stops the Apache daemon.

       restart	   Restarts  the  Apache  daemon by sending it a SIGHUP.  If the daemon is not running, it is started.	This command automatically
		   checks the configuration files via configtest before initiating the restart to make sure Apache doesn't die.

       fullstatus  Displays a full status report from mod_status.  For this to work, you need to have mod_status enabled  on  your  server  and  a
		   text-based  browser	such as lynx available on your system.	The URL used to access the status report can be set by editing the
		   STATUSURL variable in the script.

       status	   Displays a brief status report.  Similar to the fullstatus option, except that the list of requests currently being	served	is
		   omitted.

       graceful    Gracefully restarts the Apache daemon by sending it a SIGUSR1.  If the daemon is not running, it is started.  This differs from
		   a normal restart in that currently open connections are not aborted.  A side effect is that old log files will  not	be  closed
		   immediately.  This means that if used in a log rotation script, a substantial delay may be necessary to ensure that the old log
		   files are closed before processing them.  This command automatically checks the configuration files via configtest before  ini-
		   tiating  the restart to make sure Apache doesn't die.  On certain platforms that do not allow SIGUSR1 to be used for a graceful
		   restart, an alternative signal may be used (such as SIGWINCH).  graceful will send the right signal for your platform.

       configtest  Run a configuration file syntax test. It parses the configuration files and either reports Syntax Ok  or  detailed  information
		   about the particular syntax error.

       help	   Displays a short help message.

SEE ALSO

       httpd(8)

								  September 1997						      apachectl(1)