Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: forcing users to su
Operating Systems Solaris forcing users to su Post 88651 by Perderabo on Monday 7th of November 2005 04:27:48 PM
Old 11-07-2005
sudo is freeware and not officially supported by Sun. We use it on our Suns though.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

forcing irq on PCMCIA card

ENV: linux Version: Mandrake 8.1, PCMCIA card: longshine lcs-8534TB. (supported according the PCMCIA docs) laptop is P-II lifetec /etc/sysconfig/pcmcia: PCMCIA=yes PCIC=i82365 ( found via probe -m ) PCIC_OPTS="cs_irq=11 pci_irq_list=11,11 do_scan=0" ( you see i want to force irq 11 )... (3 Replies)
Discussion started by: progressdll
3 Replies

2. UNIX for Advanced & Expert Users

forcing su on a user

This is for 3 os's, AIX, Solaris, and AIX, didnt want to post three seperate times on the same subject, anyways, I want to force the user MQM to su, i.e. not be able to rlogin/telnet to the box as user MQM, only login as there ID(chris for example) and su to MQM, does anyone know how to do this,... (4 Replies)
Discussion started by: csaunders
4 Replies

3. Solaris

forcing password change every X days?

Hi, how do I go about forcing users to change their password every, say, 30 days? Aaron (1 Reply)
Discussion started by: amheck
1 Replies

4. UNIX for Dummies Questions & Answers

Forcing Makefile to Ignore Errors

Is there A way I can Force a makefile to ignore errors? i believe it is using gcc. i have a set of commands in the makefile that i want to run and each time the makefile gets to the point of this commands, it aborts because of the commands. how can i get the makefile to keep running... (3 Replies)
Discussion started by: SkySmart
3 Replies

5. UNIX for Dummies Questions & Answers

Forcing web pages to anti-aliase

Here is an observation that has started to riddle me and perhaps someone can enlighten me. When a web page (or desktop page for that matter) uses the standard font, it is not anti-aliased, unless the user opts in to do so via the desktop settings. It appears however that fonts are not... (0 Replies)
Discussion started by: figaro
0 Replies

6. Red Hat

Forcing a kernel panic in RHEL 5.4

Hello, Is there a way to force a kernel panic in RHEL 5.4 in such a way that the machine reboots after the panic. Thanks, Kanna (1 Reply)
Discussion started by: kanna_geekworkz
1 Replies

7. UNIX for Dummies Questions & Answers

AWK: Backslash \ and forcing output not to go onto new lines

Dear all, I am using Mac OSX, have been successfully written an awk script during the last days. I use the script to convert parts of a .dot-file into graphml code. First question: Backslash My .dot-code includes repeatedly the sign "\n". I would like to search for this sign and substitute... (4 Replies)
Discussion started by: ingli
4 Replies

8. Shell Programming and Scripting

Forcing a tty session but getting a password prompt?

I have a master host I want to use to issue some start/stop of LDAP services. I changed the client hosts /etc/sudoers to have Defaults:infra !requiretty The master host kicks off the jobs using the infra account doing a ssh session to the infra account on the clients. #!/bin/ksh ps -fu... (5 Replies)
Discussion started by: J-Man
5 Replies

9. Hardware

Forcing Linux to keep charging my Kindle

Linux seems to have weird USB power saving features, my Kindle 3 only gets some charge before Linux powers down the USB port. When the device is mounted, it doesn't get enough power, with this same hardware under Windows I don't get the message on the Kindle "currently your kindle is not... (2 Replies)
Discussion started by: John Tate
2 Replies

10. Programming

Forcing a write to a file without newline?

Hello, I am writing a program which runs with root privileges, and it creates a child with lowered privileges and has to redirect it's stdout and stderr to a file and then run bash. The problem is, whenever I read this file, I want to see all of the current output, even when the program is still... (10 Replies)
Discussion started by: madd-games
10 Replies

LEARN ABOUT LINUX

sudo_root

sudo_root(8)						      System Manager's Manual						      sudo_root(8)

NAME

       sudo_root - How to run administrative commands

SYNOPSIS

       sudo command

       sudo -i

INTRODUCTION

       By  default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
       the installer will set up sudo to allow the user that is created during install to run all administrative commands.

       This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use  a  graphical
       sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.

       To  run	a  command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
       sudo -i.

ALLOWING OTHER USERS TO RUN SUDO

       By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo,  you
       have to add these users to the group 'admin' by doing one of the following steps:

       * In a shell, do

	   sudo adduser username admin

       * Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.

BENEFITS OF USING SUDO

       The benefits of leaving root disabled by default include the following:

       * Users do not have to remember an extra password, which they are likely to forget.

       * The installer is able to ask fewer questions.

       * It  avoids  the  "I  can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
	 which should make you think about the consequences of what you are doing.

       * Sudo adds a log entry of the command(s) run (in /var/log/auth.log).

       * Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
	 not know is what the usernames of your other users are.

       * Allows  easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
	 compromising the root account.

       * sudo can be set up with a much more fine-grained security policy.

       * On systems with more than one administrator using sudo avoids sharing a password amongst them.

DOWNSIDES OF USING SUDO

       Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:

       * Redirecting the output of commands run with sudo can be confusing at first. For instance consider

	   sudo ls > /root/somefile

	 will not work since it is the shell that tries to write to that file. You can use

	   ls | sudo tee /root/somefile

	 to get the behaviour you want.

       * In a lot of office environments the ONLY local user on a system is root. All other users  are	imported  using  NSS  techniques  such	as
	 nss-ldap.  To	setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
	 leave the system unusable. An extra local user, or an enabled root password is needed here.

GOING BACK TO A TRADITIONAL ROOT ACCOUNT

       This is not recommended!

       To enable the root account (i.e. set a password) use:

	   sudo passwd root

       Afterwards, edit the sudo configuration with sudo visudo and comment out the line

	   %admin  ALL=(ALL) ALL

       to disable sudo access to members of the admin group.

SEE ALSO

       sudo(8), https://wiki.ubuntu.com/RootSudo

								 February 8, 2006						      sudo_root(8)
All times are GMT -4. The time now is 08:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy