Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Script help on sudo access validation
Top Forums Shell Programming and Scripting Script help on sudo access validation Post 302971193 by Kiran008 on Sunday 17th of April 2016 01:37:58 PM
Old 04-17-2016
RedHat
Here is the tables

server system account name DBA account name x a p y b q z c r

i can ssh the servers remotely & passwd is not asked.

dba will not get the root but only sudo to "system account" , say oracle account.

---------- Post updated at 12:37 PM ---------- Previous update was at 12:37 PM ----------

table

HTML Code:
          server   system account name   DBA account name       x   a   p       y   b   q       z   c   r
Last edited by Kiran008; 04-17-2016 at 02:38 PM.. Reason: table format
 

10 More Discussions You Might Find Interesting

1. Linux

sudo access verification

Hi All, I got lots of request with sudo, a manager request, verbal command, do this and do that. The problem with this kind of request is when I added that script and that. It will not be perfect, it's because I can't verify the userid sudo access, I can't reset their password as well, I... (2 Replies)
Discussion started by: itik
2 Replies

2. AIX

sudo user access

I have installed sudo on AIX 6100-04 and want to know how do I set it up for a user to be able to run only some commands? I want to give the user the rights to only cd to certain directories and run the ls command to name a few? Are there any issues with running sudo when the user is forced to... (2 Replies)
Discussion started by: daveisme
2 Replies

3. Shell Programming and Scripting

ONLY SU Sudo access

Hello All, I want to create a script that will do ONLY su to any user on the server with hpadmin login using sudo. Can anyone let me know how can it do it. Regards Ankit (1 Reply)
Discussion started by: ajaincv
1 Replies

4. UNIX for Dummies Questions & Answers

sudo/root access

I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'. I tried and got a error message like "not allowed". After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well. Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies

5. Ubuntu

Restrict SUDO Access

Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Hi Folks, Please help me. I am bit struck here. Here is the OS info. Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux I have a... (17 Replies)
Discussion started by: explorer007
17 Replies

6. UNIX for Advanced & Expert Users

Help needed in sudo access

I want to give root access to a user called denielr on server - tsprd01, but do not want to share root password. I have sudoers configured already. He should have all access equal to root. I made this entry in /etc/sudoers, but it is not working denielr tsprd01 =(root) NOPASSWD: ALL I tried to... (2 Replies)
Discussion started by: solaris_1977
2 Replies

7. Solaris

Sudo access in Solaris

Install the sudo pkg SFWsudo.tar bash#tar -xvf SFWsudo.tar bash#pkgadd -d . SFWsudo path may be /opt/sfw/bin Make entry the user name in sudoer file path of the sudoer file /opt/sfw/etc/sudoers check with the below command as a user (not as a root user) user1$... (1 Reply)
Discussion started by: Narendiran
1 Replies

8. Shell Programming and Scripting

Script to delete sudo access in redhat 5.4

Hi , This site is veryhelpful in resolving many issues.I have a request to delete sudo access for 3 users say user1,user2,user3 from around 50 servers in redhat 5.4.I know it is very time consuming to login to each server and delete entry in /etc/sudoers file.Is there any way can i do it... (4 Replies)
Discussion started by: muraliinfy04
4 Replies

9. UNIX for Dummies Questions & Answers

Inheriting SUDO access?

I had a question on users inheriting SUDO capabilities of another account. Let's say that there are three users A, B, and C. A has access to Sudo into B. B has access to Sudo into C. Does this give A access to sudo into B and then sudo into C. A -> B B -> C A -> B -> C ? Another example. My... (2 Replies)
Discussion started by: sbcopty
2 Replies

10. Shell Programming and Scripting

Using plink with sudo access

I have similar issue as mentioned in 167174-how-run-script-using-batch-file.html It works good, but the control is not coming back to source i tried adding exit to remote script. Thanks, Suresh (0 Replies)
Discussion started by: snsuresh
0 Replies

LEARN ABOUT SUNOS

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 01:47 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy