|
|
Sponsored Content
Operating Systems
Solaris
Sudo -s restriction
Post 302963740 by neutronscott on Tuesday 5th of January 2016 11:39:55 AM
01-05-2016
|
|
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
How do l restrict more than one users on a multiple programming environment using the c shell profile. That is if a user is log-on on one terminal the system should be able to prompt a message if the users attempt to log on on another terminal. I user openserver 5.0.4 with dummy terminals, and also... (7 Replies)
Discussion started by: kayode
7 Replies
2. Filesystems, Disks and Memory
Dear all,
I am trying to create a new user account that can have the minimum access to the HP-Ux box, as in it only need to perform system info query like bdf and only able to read access system log files but not able to delete any file from any other directory beside it's own user directory... (5 Replies)
Discussion started by: gelbvonn
5 Replies
3. UNIX for Advanced & Expert Users
Platform: AIX
Shell: KSH
Does anyone have a good way of warning users that when they do a 'vi' in a certain directory that they cannot save any changes in that directory.
For instance, if I have a production id that has all scripts in /myprod/dir, and if anyone comes to this directory and does... (1 Reply)
Discussion started by: giannicello
1 Replies
4. Solaris
I have a senario and i wonder how to do it ? i used NcFTPd and i dont think its applicable using that application or i didnt know how to configure it.
i want to have a user for FTP that user is only restricted to put and get from a certain directory and all sub-directories for that directory,... (0 Replies)
Discussion started by: mduweik
0 Replies
5. AIX
I want to restrict user's loging according to number of session.
example the user named "patrik" can be login concurrently from 12 stations thru telnet the 13th if some body tries to telnet 13th session it should not allow, until any of the 12 sessions are closed.
is it possibel ...i think... (2 Replies)
Discussion started by: pchangba1
2 Replies
6. AIX
hi,
I am facing a problem
from the remote system if i login to my AIX5.3 machine as root (thru telnet) the session does not expire for 2 hours even if the session is kept ideal
But whenever i do the same thing from some other user then the session is lost within 10 minutes (if session is kept... (2 Replies)
Discussion started by: pchangba
2 Replies
7. UNIX for Advanced & Expert Users
Dear All
I had one user called msc. In that i had two folder.xxx and yyy
ex: /home/msc/xxx
ex: /home/msc/yyy
Now i want that msc user only able to access xxx folder only. No other folder should be visible to it.
Kindly let me know. How it possile??
Regards
Jaydeep (3 Replies)
Discussion started by: jaydeep_sadaria
3 Replies
8. AIX
Hi,
I'm at AIX 5.3, I have a print queue named chqprinter, I want to allow access to print only 2 users to that print queue, jobs printed by all other users to above queue should be deleted.
Any idea how to achieve that?
---------- Post updated at 10:33 AM ---------- Previous update was at... (5 Replies)
Discussion started by: tayyabq8
5 Replies
9. UNIX for Dummies Questions & Answers
Hello,
I would to create a new user with some restriction:
1. The user will not be able to CD any directory (I mean he'll login to the defined home directory and that's all).
2. The user will not be able to delete anything in that home directory
Thanks a lot in advance,
Shahar (1 Reply)
Discussion started by: shaharoz
1 Replies
10. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8) PAM_SSH_AGENT_AUTH This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails. SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys /etc/sudoers: Defaults env_keep += "SSH_AUTH_SOCK" This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can either be local, or forwarded. Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry. ARGUMENTS
file=<path to authorized_keys> Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below) allow_user_owned_authorized_keys_file A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically whenever the expansions %h or ~ are used. debug A flag which enables verbose logging sudo_service_name=<service name you compiled sudo to use> (when compiled with --enable-sudo-hack) Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER. This defaults to "sudo". EXPANSIONS
~ -- same as in shells, a user's Home directory Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file %h -- User's Home directory Automatically enables allow_user_owned_authorized_keys_file %H -- The short-hostname %u -- Username %f -- FQDN EXAMPLES
in /etc/pam.d/sudo "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" The default .ssh/authorized_keys file in a user's home-directory "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys" Same as above. "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys" If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'. "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself. "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root. v0.8 2009-08-09 pam_ssh_agent_auth(8)