12-20-2004
entry in /etc/group too long - problem using sudo with %group
hi folks,
I've been googling for quite some time, but still can't find anything near it...my problem is the following:
for useradministration in our company we are using ssh/sudo, now whenever I try to add users (we have quite a number of users) with useradd -G groupname for secondary group I can only get up to 512 bytes in a line for a group entry, or in other words the secondary group can only hold up to 512 characters, which is not really enough for the amount of users we are using. the problem is also, that sudo relies in our landscape on %group entries for different secondary groups, but since the secondary groups can't hold enogh users, not all the users who normally should can run sudo!
did anyone come across this problem before?
how do you manage the user authentification with a large number of users using sudo?
thanks a lot!
poli
9 More Discussions You Might Find Interesting
1. UNIX and Linux Applications
Hello
I'm writing a program for managing accounts and groups in a linux system.
My problem is how to update the members of a group in the /etc/group file,if i have to add/remove those members.
total 3 variables for adding some new members to the group :
char **oldmembers=grp->gr_mem; ... (1 Reply)
Discussion started by: mekos
1 Replies
2. Shell Programming and Scripting
Hi All
I do have a file like this with 6 columns. Groups of data merge together and the group number is indicated above each group.
1
1 12 26 289 3.2e-027 GCGTATGGCGGC
2 12 26 215 6.7e+006 TTCCACCTTTTG
3 9 26 175 ... (1 Reply)
Discussion started by: Lucky Ali
1 Replies
3. Shell Programming and Scripting
I've this file and need to sort the data in each group
File would look like this ...
cat file1.txt
Reason : ABC
12345-0023
32123-5400
32442-5333
Reason : DEF
42523-3453
23345-3311
Reason : HIJ
454553-0001
I would like to sort each group on the last 4 fileds and print them... (11 Replies)
Discussion started by: prash184u
11 Replies
4. Solaris
All:
I'm having a problem with sudo on Solaris 5.10 that is giving me fits (and BTW, I'm a Linux admin by trade...).
The issue is that I have a number of users (myself included) that cannot sudo to root to complete user admin tasks. Assuming the user is jdoe, and the group with the elevated... (3 Replies)
Discussion started by: rjlohman
3 Replies
5. UNIX for Advanced & Expert Users
Hello,
When listing the file systems (using ls -ltr) , if the group names are longer the group name is getting truncated.
Can someone help with the script which would display the truncated group name?
I appreciate if someone could help in this regard. (1 Reply)
Discussion started by: mike12
1 Replies
6. Shell Programming and Scripting
/etc/group
tiadm::345:mk789,po312,jo343,ju454,ko453,yx879,iy345,hn453
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
/etc/passwd
mk789:x:234:1::/export/home/dummy:/bin/sh
po312:x:234:1::/export/home/dummy:/bin/sh
ju454:x:234:1::/export/home/dummy:/bin/sh... (6 Replies)
Discussion started by: chidori
6 Replies
7. Solaris
I'm looking for some suggestions to accomplish what a specific user needs, without adding them to the "sudoers" group. I have X user, that is requesting to be able to change file permissions on items owned by others and search directories where X user doesn't have access. I'm open to any... (2 Replies)
Discussion started by: Nvizn
2 Replies
8. SuSE
Hi All,
I have created a openSUSE 12.3 VM in my VirtualBox. I have created one user and added that user to my group.
Is there any command by which I can add that user to sudoers user group like we do in ubuntu?
#sudo adduser user1 sudo
I checked the /etc/groups file, but there is no sudo... (1 Reply)
Discussion started by: sanzee007
1 Replies
9. Programming
I'm trying to return only one row with the highest value for PCT_MAX_USED. Any suggestions?
When I add this code, I get the ORA-00937 error.
trunc(max(decode( kbytes_max, 0, 0, (kbytes_alloc/kbytes_max)*100))) pct_max_used
This is the original and returns all rows.
select (select... (3 Replies)
Discussion started by: progkcp
3 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)