How to provide root access via sudo with restrictions?
Hi,
I have a requirement to provide root access but user should not run some specific commands, How it is possible.
following is my configuration at sudoers file,
Code:
Cmnd_Alias MYLIMIT = /usr/bin/passwd /sbin/shutdown /usr/bin/reboot /usr/sbin/visudo /bin/vi /usr/bin/vim
test2 ALL=(ALL)NOPASSWD: ALL, !MYLIMIT
%wheel ALL = NOPASSWD:ALL, !MYLIMIT
its not working, following is next attempt
Code:
test2 ALL=(ALL)NOPASSWD: !/usr/bin/passwd, !/usr/sbin/visudo ALL
#OR#
test2 ALL=(ALL)NOPASSWD: ALL, !/usr/bin/passwd, !/usr/sbin/visudo
nothing worked, after all attempts following is result
Code:
[test2@rhel6-server ~]$ sudo su
Last login: Sat Mar 10 17:15:07 IST 2018 on pts/12
[root@rhel6-server test2]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Please help
Moderator's Comments:
Please use CODE (not ICODE) tags as required by forum rules!
Last edited by RudiC; 03-10-2018 at 08:47 AM..
Reason: Changed CODE tags.
Hi,
I need to provide execute access to certain users and not to all users
For ex: if ther is a file /home/august/aug.sh.
and there are user's like jan,feb,mar,april,May and jan is the owner of that box. I need to provide execute access to feb and mar only. I also know the root pwd for... (3 Replies)
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the... (1 Reply)
I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'.
I tried and got a error message like "not allowed".
After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well.
Can please somebody explain me this... (0 Replies)
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin... (6 Replies)
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT OPENSOLARIS
shells
shells(4) File Formats shells(4)NAME
shells - shell database
SYNOPSIS
/etc/shells
DESCRIPTION
The shells file contains a list of the shells on the system. Applications use this file to determine whether a shell is valid. See getuser-
shell(3C). For each shell a single line should be present, consisting of the shell's path, relative to root.
A hash mark (#) indicates the beginning of a comment; subsequent characters up to the end of the line are not interpreted by the routines
which search the file. Blank lines are also ignored.
The following default shells are used by utilities: /bin/bash, /bin/csh, /bin/jsh, /bin/ksh, /bin/ksh93, /bin/pfcsh, /bin/pfksh, /bin/pfsh,
/bin/sh, /bin/tcsh, /bin/zsh, /sbin/jsh, /sbin/sh, /usr/bin/bash, /usr/bin/csh, /usr/bin/jsh, /usr/bin/ksh, /usr/bin/ksh93, /usr/bin/pfcsh,
/usr/bin/pfksh, /usr/bin/pfsh, and /usr/bin/sh, /usr/bin/tcsh, /usr/bin/zsh, and /usr/sfw/bin/zsh. /etc/shells overrides the default list.
Invalid shells in /etc/shells could cause unexpected behavior, such as being unable to log in by way of ftp(1).
FILES
/etc/shells list of shells on system
SEE ALSO vipw(1B), ftpd(1M), sendmail(1M), getusershell(3C), aliases(4)SunOS 5.11 20 Nov 2007 shells(4)
03-10-2018
