12-20-2004
entry in /etc/group too long - problem using sudo with %group
hi folks,
I've been googling for quite some time, but still can't find anything near it...my problem is the following:
for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I can only get up to 512 bytes in a line for a group entry, or in other words the secondary group can only hold up to 512 characters, which is not really enough for the amount of users we are using. the problem is also, that sudo relies in our landscape on %group entries for different secondary groups, but since the secondary groups can't hold enogh users, not all the users who normally should can run sudo!
did anyone come across this problem before?
how do you manage the user authentification with a large number of users using sudo?
thanks a lot!
poli
9 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
Hello
I'm writing a program for managing accounts and groups in a linux system.
My problem is how to update the members of a group in the /etc/group file,if i have to add/remove those members.
total 3 variables for adding some new members to the group :
char **oldmembers=grp->gr_mem; ... (1 Reply)
Discussion started by: mekos
1 Replies
2. Shell Programming and Scripting
Hi All
I do have a file like this with 6 columns. Groups of data merge together and the group number is indicated above each group.
1
1 12 26 289 3.2e-027 GCGTATGGCGGC
2 12 26 215 6.7e+006 TTCCACCTTTTG
3 9 26 175 ... (1 Reply)
Discussion started by: Lucky Ali
1 Replies
3. Shell Programming and Scripting
I've this file and need to sort the data in each group
File would look like this ...
cat file1.txt
Reason : ABC
12345-0023
32123-5400
32442-5333
Reason : DEF
42523-3453
23345-3311
Reason : HIJ
454553-0001
I would like to sort each group on the last 4 fileds and print them... (11 Replies)
Discussion started by: prash184u
11 Replies
4. Solaris
All:
I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...).
The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Discussion started by: rjlohman
3 Replies
5. UNIX for Advanced & Expert Users
Hello,
When listing the file systems (using ls -ltr) , if the group names are longer the group name is getting truncated.
Can someone help with the script which would display the truncated group name?
I appreciate if someone could help in this regard. (1 Reply)
Discussion started by: mike12
1 Replies
6. Shell Programming and Scripting
/etc/group
tiadm::345:mk789,po312,jo343,ju454,ko453,yx879,iy345,hn453
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
/etc/passwd
mk789:x:234:1::/export/home/dummy:/bin/sh
po312:x:234:1::/export/home/dummy:/bin/sh
ju454:x:234:1::/export/home/dummy:/bin/sh... (6 Replies)
Discussion started by: chidori
6 Replies
7. Solaris
I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies
8. SuSE
Hi All,
I have created a openSUSE 12.3 VM in my VirtualBox. I have created one user and added that user to my group.
Is there any command by which I can add that user to sudoers user group like we do in ubuntu?
#sudo adduser user1 sudo
I checked the /etc/groups file, but there is no sudo... (1 Reply)
Discussion started by: sanzee007
1 Replies
9. Programming
I'm trying to return only one row with the highest value for PCT_MAX_USED. Any suggestions?
When I add this code, I get the ORA-00937 error.
trunc(max(decode( kbytes_max, 0, 0, (kbytes_alloc/kbytes_max)*100))) pct_max_used
This is the original and returns all rows.
select (select... (3 Replies)
Discussion started by: progkcp
3 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)