Full Discussion: Sudoers file
Operating Systems Solaris Sudoers file Post 302959496 by MadeInGermany on Tuesday 3rd of November 2015 03:55:20 PM
Try this command alias in sudoers
Code:
Cmnd_Alias SAVERM=/usr/bin/rm /path/to/dir1/*, /usr/bin/rm /path/to/dir2/*

and specify SAVERM as the allowed command for your users.
The users must use the full path for the command and arguments, e.g.
Code:
sudo /usr/bin/rm /path/to/dir1/examplefile
sudo /usr/bin/rm /path/to/dir2/subdir/anotherfile
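
A sketch for auditing which command lines the SAVERM alias above accepts, added here as an example; it is not part of the original post and is not sudo's own code. It approximates sudoers argument matching with Python's fnmatch (arguments joined into one string, with `*` also matching `/` and spaces, as sudoers(5) documents); ALLOWED_DIRS, the function names and the sample requests are constructed for illustration.

```python
import fnmatch
import posixpath

# Rules copied from the SAVERM alias in the post: (command, argument pattern).
SAVERM = [
    ("/usr/bin/rm", "/path/to/dir1/*"),
    ("/usr/bin/rm", "/path/to/dir2/*"),
]
ALLOWED_DIRS = ("/path/to/dir1", "/path/to/dir2")  # assumed intent of the rule


def rule_matches(argv):
    """Approximate sudoers matching: the resolved command path must be
    identical, and the arguments, joined by single spaces, are matched as
    one string in which '*' also matches '/' and spaces."""
    command, args = argv[0], " ".join(argv[1:])
    return any(command == cmd and fnmatch.fnmatchcase(args, pat)
               for cmd, pat in SAVERM)


def outside_targets(argv):
    """Return the non-option arguments that normalise to a path outside
    ALLOWED_DIRS (lexical check only; symlinks are not resolved)."""
    bad = []
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue
        path = posixpath.normpath(arg)
        if not any(path.startswith(d + "/") for d in ALLOWED_DIRS):
            bad.append(arg)
    return bad


def audit(argv):
    """Classify one requested command line against the alias."""
    if not rule_matches(argv):
        return "denied"
    return "allowed-outside-scope" if outside_targets(argv) else "allowed"


# Constructed sample requests (not from the original thread).
SAMPLES = [
    ["/usr/bin/rm", "/path/to/dir1/examplefile"],
    ["/usr/bin/rm", "/path/to/dir2/subdir/anotherfile"],
    ["/usr/bin/rm", "/var/tmp/other"],
    ["/usr/bin/rm", "/path/to/dir1/a", "/var/tmp/other"],
    ["/usr/bin/rm", "/path/to/dir1/../dir3/file"],
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(f"{audit(argv):22} {' '.join(argv)}")
```

Requests reported as allowed-outside-scope are the ones to close off, for example by granting a small wrapper script that validates the resolved path instead of granting rm with a wildcard.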

 

SMRSH(8)                    System Manager's Manual                    SMRSH(8)

NAME
       smrsh - restricted shell for sendmail

SYNOPSIS
       smrsh -c command

DESCRIPTION
       The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits the commands that can be run using the ``|program'' syntax of sendmail in order to improve the overall security of your system. Briefly, even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs that he or she can execute.

       Briefly, smrsh limits programs to be in a single directory, by default /usr/libexec/sm.bin, allowing the system administrator to choose the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the characters `` ` '', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n' (newline) on the command line to prevent ``end run'' attacks. It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''

       Initial pathnames on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually forward to ``/usr/libexec/sm.bin/vacation''.

       System administrators should be conservative about populating the sm.bin directory. For example, a reasonable addition is vacation(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as procmail(1) is a very bad idea. procmail(1) allows users to run arbitrary programs in their procmailrc(5).

COMPILATION
       Compilation should be trivial on most systems. You may need to use -DSMRSH_PATH="path" to adjust the default search path (defaults to ``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/libexec/sm.bin'').

FILES
       /usr/adm/sm.bin - default directory for restricted programs on most OSs
       /var/adm/sm.bin - directory for restricted programs on HP UX and Solaris
       /usr/libexec/sm.bin - directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD

SEE ALSO
       sendmail(8)

                            $Date: 2013-11-22 20:52:00 $                SMRSH(8)