Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to setup sudoers file ?
Top Forums UNIX for Beginners Questions & Answers How to setup sudoers file ? Post 303002212 by mohtashims on Saturday 19th of August 2017 03:35:09 PM
Old 08-19-2017
Bug
Quote:
Originally Posted by hergp
For example
Code:
fred ALL=(apache) ALL

allows fred to switch to the apache user. He has to enter his own password every time he switches. If he shall be allowed to switch without entering his password, write:
Code:
fred ALL=(apache) NOPASSWD: ALL

---------- Post updated at 21:17 ---------- Previous update was at 21:16 ----------

OK, just saw your edit. If you want to assign rights to a group, use for example:
Code:
%techx ALL=(apache) NOPASSWD: ALL

what if i wish to switch all techx group users to apache group and NOT apache user?
 

10 More Discussions You Might Find Interesting

1. Linux

sudoers file

Hi, I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password. Can someone tell me what's wrong with my file? It's not working when I 'sudo SHUTDOWN' command: sudo: SHUTDOWN: command not found Thanks a lot! # Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies

2. UNIX for Advanced & Expert Users

Parsing Sudoers File

Does anyone know of a utility that can parse through a sudoers file and create an "expansion" dump of all users defined in the User Specification, outputting user, host, and command based on all defined Aliases? (3 Replies)
Discussion started by: jasondavey
3 Replies

3. UNIX for Dummies Questions & Answers

sudoers file questions

What is the difference between ALL and localhost in the bellow? # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now Thank you. (2 Replies)
Discussion started by: hemangjani
2 Replies

4. Solaris

sudoers file not found

root@dervish # cat /etc/sudoers cat: cannot open /etc/sudoers This is what I get when I try to search for the sudoers files. I want to create a user by name jda and assign him root privileges. How can I do that using sudo command and editing sudoers file. Please help me. (12 Replies)
Discussion started by: bharu_sri
12 Replies

5. UNIX for Advanced & Expert Users

sudoers file

i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password. my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp. Thank you. ... (2 Replies)
Discussion started by: noam128
2 Replies

6. Shell Programming and Scripting

Issue with sudoers file.

Hi All, I am new to sudoers file. I am asked to troubleshoot why a particular user (alandhi) is not able to run a script as a different user(scmtg). I have the following line in my sudoers file and the user's name added to the group. User_Alias QA_USERS = alandhi, testuser1, qauser3 ... (3 Replies)
Discussion started by: Tuxidow
3 Replies

7. Cybersecurity

Help with sudoers file - AIX

Hi all, I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want. Here's what I would like to have: => OS Users - John (group staff) - Bob (group staff) - app20adm (group app20grp) - app70adm (group app70grp) - sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies

8. Emergency UNIX and Linux Support

Getting details from sudoers file

Hi, I need the details of which ids belong to the sudoers file, and which groups these ids belong to. Can anyone suggest a way to derive that information into a flat file please? G (4 Replies)
Discussion started by: ggayathri
4 Replies

9. UNIX for Dummies Questions & Answers

Help with Sudoers file

Hi using Solaris 10. trying to update /etc/sudoers file I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message sudo su - >>> sudoers file: parse error, line 9 <<< >>> sudoers file: parse error, line 9 <<< ... (2 Replies)
Discussion started by: samnyc
2 Replies

10. Solaris

Sudoers file

In the sudoers file in Solaris... I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies

LEARN ABOUT DEBIAN

gsexec

GSEXEC(8)							  GridSite Manual							 GSEXEC(8)

NAME

       gsexec - Switch user before executing external programs

SYNOPSIS

       gsexec [-V]

SUMMARY

       gsexec  is used by the Apache HTTP Server to switch to another user before executing CGI programs. In order to achieve this, it must run as
       root.  Since the HTTP daemon normally doesn't run as root, the gsexec executable needs the setuid bit set and must be  owned  by  root.	It
       should never be writable for any other person than root.

       gsexec  is  based  on Apache's suexec, and its behaviour is controlled with the Apache configuration file directives GridSiteExecMethod and
       GridSiteUserGroup added to Apache by mod_gridsite(8) Four execution methods are supported: nosetuid,  suexec,  X509DN  and  directory,  and
       these may be set on a per-directory basis within the Apache configuration file.

NOSETUID METHOD

       This is the default behaviour, but can also be produced by giving GridSiteExecMethod nosetuid

       CGI  programs will then be executed without using gsexec, and will run as the Unix user given by the User and Group Apache directives (nor-
       mally apache.apache on Red Hat derived systems.)

SUEXEC METHOD

       If GridSiteExecMethod suexec is given for this virtual host or directory, then CGI programs will be executed using the user and group given
       by  the	GridSiteUserGroup  user  group directive, which may also be set on a per-directory basis (unlike suexec's SuexecUserGroup which is
       per-server only.) The CGI program must either be owned by root, the  Apache  user  and  group  specified  at  gsexec  build-time  (normally
       apache.apache) or by the user and group given with the GridSiteUserGroup directive.

X509DN METHOD
       If  GridSiteExecMethod  X509DN is given, then the CGI program runs as a pool user, detemined using lock files in the exec mapping directory
       chosen as build time of gsexec.	The pool user is chosen according to the client's full certificate X.509 DN  (ie  with	any  trailing  GSI
       proxy  name  components stripped off.) Subsequent requests by the same X.509 identity will be mapped to the same pool user. The CGI program
       must either be owned by root, the Apache user and group specified at gsexec  build-time	(normally  apache.apache)  or  by  the	pool  user
       selected.

DIRECTORY METHOD

       If  GridSiteExecMethod  directory  is given, then the CGI program runs as a pool user chosen according to the directory in which the CGI is
       located: all CGIs in that directory run as the same pool user. The CGI program must either be owned by root,  the  Apache  user	and  group
       specified at gsexec build-time (normally apache.apache) or by the pool user selected.

EXECMAPDIR

       The default exec mapping directory is /var/www/execmapdir and this is fixed when the gsexec executable is built. The exec mapping directory
       and all of its lock files must be owned and only writable by root. To initialise the lock files, create an empty lock file  for	each  pool
       user,  with the pool username as the filename (eg user0001, user0002, ...) As the pool users are leased to X.509 identities or directories,
       they will become hard linked to lock files with the URL-encoded X.509 DN or full directory path.

       You can recycle pool users by removing the corresponding URL-encoded hard link.	stat(1) and ls(1) with option -i can be used to print  the
       inodes of lock files to match up the hard links.

       However, you must ensure that all files and processes owned by the pool user are deleted before recycling!

OPTIONS

       -V     If  you are root, this option displays the compile options of gsexec.  For security reasons all configuration options are changeable
	      only at compile time.

MORE INFORMATION

       For further information about the concepts and the security model of the original Apache suexec please refer to the suexec documentation:

       http://httpd.apache.org/docs-2.0/suexec.html

       For examples using the gsexec extensions, please see the GridSite gsexec page:

       http://www.gridsite.org/wiki/Gsexec

AUTHORS

       Apache project, for original suexec

       Andrew McNab <Andrew.McNab@manchester.ac.uk> for gsexec modifications.

       gsexec is part of GridSite: http://www.gridsite.org/

SEE ALSO

       httpd(8), suexec(8), mod_gridsite(8)

gsexec								   October 2005 							 GSEXEC(8)
All times are GMT -4. The time now is 02:49 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy