How to provide root access via sudo with restrictions?
Hi,
I have a requirement to provide root access but user should not run some specific commands, How it is possible.
following is my configuration at sudoers file,
Code:
Cmnd_Alias MYLIMIT = /usr/bin/passwd /sbin/shutdown /usr/bin/reboot /usr/sbin/visudo /bin/vi /usr/bin/vim
test2 ALL=(ALL)NOPASSWD: ALL, !MYLIMIT
%wheel ALL = NOPASSWD:ALL, !MYLIMIT
its not working, following is next attempt
Code:
test2 ALL=(ALL)NOPASSWD: !/usr/bin/passwd, !/usr/sbin/visudo ALL
#OR#
test2 ALL=(ALL)NOPASSWD: ALL, !/usr/bin/passwd, !/usr/sbin/visudo
nothing worked, after all attempts following is result
Code:
[test2@rhel6-server ~]$ sudo su
Last login: Sat Mar 10 17:15:07 IST 2018 on pts/12
[root@rhel6-server test2]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
Please help
Moderator's Comments:
Please use CODE (not ICODE) tags as required by forum rules!
Last edited by RudiC; 03-10-2018 at 08:47 AM..
Reason: Changed CODE tags.
Hi,
I need to provide execute access to certain users and not to all users
For ex: if ther is a file /home/august/aug.sh.
and there are user's like jan,feb,mar,april,May and jan is the owner of that box. I need to provide execute access to feb and mar only. I also know the root pwd for... (3 Replies)
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the... (1 Reply)
I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'.
I tried and got a error message like "not allowed".
After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well.
Can please somebody explain me this... (0 Replies)
I access over 100 SUSE SLES servers as root from my admin server, via ssh sessions using ssh keys, so I don't have to enter a password. My SUSE Admin server is setup in the following manner:
1) Remote root access is turned off in the sshd_config file.
2) I am the only user of this admin... (6 Replies)
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
LEARN ABOUT DEBIAN
qshutdown
qshutdown(1) General Commands Manual qshutdown(1)NAME
qshutdown - An avanced shutdown tool
SYNOPSIS
qshutdown [options]
DESCRIPTION
qshutdown is a simple tool to choose a time or a number of minutes to shutdown, reboot, suspend or hibernate after.
qshutdown will show itself 3 times as a warning if there are less than 70 seconds left. (if 1 Minute or local time +1 Minute was set
it'll appear only once.)
This program uses qdbus to send a shutdown/reboot/suspend/hibernate request to either the gnome- or kde-session-manager, to
HAL/ConsoleKit/DeviceKit/UPower and if none of these works, the command 'sudo shutdown' will be used.
OPTIONS -h --help
Prints options with description.
-i Prints information about qshutdown.
-v Prints all errors and warnings.
NOTES
When sending the request to HAL or ConsoleKit, or the shutdown command is used, the Session will never be saved. If the shutdown command is
used, the program will only be able to shutdown and reboot.
If nothing happens when the shutdown- or reboot-time is reached, it means that one lacks the rights for the shutdown command. In this case
one can do the following: Post the following in a terminal:
$ EDITOR=nano sudo -E visudo
and add this line:
* ALL = NOPASSWD:/sbin/shutdown
whereas * replaces the username or %groupname.
For admins:
If you want qshutdown to run with "parental lock" for every user, you can do
$ sudo cp /usr/share/qshutdown/autostart/99qshutdown /etc/X11/Xsession.d/
and set the option Lock_all in /root/.qshutdown/qshutdown.conf to true. Note that qshutdown has to start once to generate the qshut-
down.conf. Furthermore there is a need to do
$ EDITOR=nano sudo -E visudo
and add the following line to the sudoers:
* ALL = NOPASSWD:/usr/bin/qshutdown
If you should ever forget your set password, just remove the whole line starting with Password manually from the qshutdown.conf.
FILES
The configurationfile (and logfile) is located at ~/.qshutdown/ (under Linux/Unix). The maximum Number of countdown_minutes is 1440 (24
hours).
KNOWN ISSUES
There is no system tray icon for qshutdown in Ubuntu 11.04.
SOLUTION: Type the following line in a terminal:
$ gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"
HINTS ON USAGE
If you want qshutdown to stop "bugging" you, just remove the hook from "warnings on?".
HOTKEYS
Ctrl+I information window
Ctrl+Q Quit
Ctrl+P Prefereces
Ctrl+L write the run time once into the logfile (works
only if qshutdown quits. To make it permanent set it in the preferences.)
Ctrl+S set to shutdown
Ctrl+R set to restart
Ctrl+U set to suspend to RAM
Ctrl+H set to hibernate
Ctrl+E stop timer (only if the countdown has started and
the admin didn't restrict the access)
Shift+E to edit the config file (for this a password is
necessary. If you are a user, you can set an "empty password" (leave the password field empty)).
AUTHOR
Christian Metscher <hakaishi@web.de>
2011-10-23 qshutdown(1)
03-10-2018
