05-12-2016
Sudo syntax
Anyone know of a way shorten a Cmnd_Alias when multiple similar commands are used? For example, I need to grant access to /usr/bin/systemctl start <service>, /usr/bin/systemctl stop <service>, /usr/bin/systemctl restart <service>, and /usr/bin/systemctl status <service>. I think there is a way to do something like /usr/bin/systemctl [start|stop|restart|status] <service>, but I'm not sure what the syntax would be.
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies
2. UNIX for Dummies Questions & Answers
Hi guys,
As I understand it, there is a file within my unix account that will list the users that I am able to sudo to.
Is there any way that I can list these users out without actually accessing the file?
many thanks
Skinny (2 Replies)
Discussion started by: skinnygav
2 Replies
3. Cybersecurity
we are looking at changing the way we get root on our network.
in our current system if an admin needs root access he just gets the root password and uses an su.
some of our staff have decided that a sudo to "/bin/sh" will be easer.
some of our staff think a sudo to "su -" will be better.
I... (0 Replies)
Discussion started by: robsonde
0 Replies
4. AIX
Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run?
sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies
5. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
6. Shell Programming and Scripting
Hi All,
I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing
"sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies
7. Shell Programming and Scripting
Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error.
Command:
sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh
Error:
sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies
8. Emergency UNIX and Linux Support
Im Using Centos Version
$ cat /etc/redhat-release
CentOS release 6.4 (Final)
I'm Using Sudo Version
$ sudo -V
Sudo version 1.8.6p3
Sudoers policy plugin version 1.8.6p3
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p3
tried to setup notification mail for sudo,... (2 Replies)
Discussion started by: babinlonston
2 Replies
9. Red Hat
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies
SMRSH(8) System Manager's Manual SMRSH(8)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in sendmail(8) configuration files. It sharply limits
the commands that can be run using the ``|program'' syntax of sendmail in order to improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in a single directory, by default /usr/lib/sendmail.d/bin/ allowing the system administrator to choose
the set of acceptable commands, and to the shell builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the
characters ``', `<', `>', `;', `$', `(', `)', `
' (carriage return), or `
' (newline) on the command line to prevent ``end run'' attacks.
It allows ``||'' and ``&&'' to enable commands like: ``"|exec /usr/local/bin/filter || exit 75"''
Initial pathnames on programs are stripped, so forwarding to ``/usr/bin/vacation'', ``/usr/bin/vacation'', ``/home/server/mydir/bin/vaca-
tion'', and ``vacation'' all actually forward to `/usr/lib/sendmail.d/bin/vacation''.
System administrators should be conservative about populating the /usr/lib/sendmail.d/bin/ directory. For example, a reasonable additions
is vacation(1), and the like. No matter how brow-beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
/usr/lib/sendmail.d/bin/ directory. Note that this does not restrict the use of shell or perl scripts in the /usr/lib/sendmail.d/bin/
directory (using the ``#!'' syntax); it simply disallows execution of arbitrary programs. Also, including mail filtering programs such as
procmail(1) is a very bad idea. procmail(1) allows users to run arbitrary programs in their procmailrc(5).
COMPILATION
Compilation should be trivial on most systems. You may need to use -DSMRSH_PATH="path" to adjust the default search path (defaults to
``/bin:/usr/bin'') and/or -DSMRSH_CMDDIR="dir" to change the default program directory (defaults to ``/usr/lib/sendmail.d/bin/'').
FILES
/usr/lib/sendmail.d/bin/ - default directory for restricted programs on SuSE Linux
SEE ALSO
sendmail(8)
$Date: 2004/08/06 03:55:35 $ SMRSH(8)