Login or Register to Ask a Question and Join Our Community


Cybersecurity

sudo /bin/sh or sudo su -

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity sudo /bin/sh or sudo su -
# 1  
Old 07-19-2010
sudo /bin/sh or sudo su -
we are looking at changing the way we get root on our network.

in our current system if an admin needs root access he just gets the root password and uses an su.

some of our staff have decided that a sudo to "/bin/sh" will be easer.
some of our staff think a sudo to "su -" will be better.
I feel that we should stick with root passwords.



what are the thoughts out there?






some background on our network that maybe of interest.
* we have a team of 9 unix admins who use root quite a lot.
* we have about 600 servers, solaris and HPUX.
* root passwords are kept in a password vault system that needs the user password to access.
* root passwords are changed every 6 months.
* our version of sudo is NOT standard, it can't be setup to let user sudo any command, it has to be setup for each and every command.
* auditing is not a big issue for us.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Red Hat

Sudo to user other than root but do not allow sudo to root

I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies

2. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

3. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

4. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

5. AIX

sudo log and sudo auditing

Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run? sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies

6. Shell Programming and Scripting

sudo and sudo sh

Hello, I'm TOTALLY NEW to Unix. I just want to ask about what do those two commands in a SIMPLE NON-FORMAL mean: sudo sudo sh Thanks. (1 Reply)
Discussion started by: SWEngineer
1 Replies

7. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

8. UNIX for Dummies Questions & Answers

Problems with Alias, /bin/sh and sudo

'exec /bin/sh' breaks alias -------------------------------------------------------------------------------- I have an application that requires su to root in order to run some commands. Unfortunately, my corporate policy only allows sudo so I created an alias in .profile as "alias su="su... (0 Replies)
Discussion started by: stulincoln
0 Replies

9. UNIX for Dummies Questions & Answers

sudo and su -

Hello The sudo is a "su" or "su -"? (i.e. it takes the user's profile also?) or is it me who define this? thanks (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

csp_sucp

csp_helper(1)							  USER COMMANDS 						     csp_helper(1)

  NAME
      csp_helper - A collection of caspar helper scripts

  SYNOPSIS
      csp_install dir (directory) file (file)

      csp_mkdircp dir (directory) file (file)

      csp_scp_keep_mode h ([user@]host) dir (directory) file (file)

      csp_sucp h ([user@]host) dir (directory) file (file)

  DESCRIPTION
      The  scripts  csp_install,  csp_mkdircp,	csp_scp_keep_mode  and csp_sucp are helpers for caspar(7). These scripts typically are not invoked
      directly, but via a Makefile which uses caspar. See the notes on	csp_PUSH  in  caspar(7)  for  information  on  how  to	link  csp_install,
      csp_scp_keep_mode and csp_sucp to caspar.

  install DESCRIPTION
      csp_install creates the required directory (if needed) and installs the file, preserving timestamps. It uses install(1).

  install EXAMPLES
       csp_INSTALL_OPTIONS='--owner=www-data --group=www-data' 
	csp_INSTALL_MODE=ugo=r 
	csp_install /srv/www index.html

       csp_INSTALL_MODE=u=rwx,go= csp_install /usr/local/sbin mkpasswd

  install ENVIRONMENT
      csp_install honors csp_INSTALL_OPTIONS and csp_INSTALL_MODE (default is u=rw,go=r).

  mkdircp DESCRIPTION
      csp_mkdircp calls mkdir(1) and cp(1).

  scp_keep_mode DESCRIPTION
      csp_scp_keep_mode  uses  ssh to copy a file to a remote host, keeping its file permission mode. The trick used is a combination of mktemp(1)
      and mv(1).  Useful if you'd like to be sure a file gets installed e.g. group writable, without fiddling with permission bits on  the  remote
      host.

  scp_keep_mode EXAMPLE
	chmod g+w rc
	csp_scp_keep_mode root@gandalf /etc/uruk rc

  scp_keep_mode ENVIRONMENT
      csp_scp_keep_mode honors csp_SSH ("ssh" by default).

  sucp DESCRIPTION
      csp_sucp calls cat(1) from within sudo(1) from within ssh(1). This allows one to copy files to accounts on hosts one can only reach by call-
      ing sudo on the ssh-reachable remote host.

      Typically, one wants to install a root-owned file, but one does not want to allow access to the root-account directly  from  ssh.  Typically
      sudo is used as an extra line of defense.

  sucp EXAMPLES
      Some examples:

	csp_sucp rms@bilbo /etc fstab

	csp_sucp monty-python commit/ trailer.txt

  sucp BUGS
      If  NOPASSWD  is	not  set in the sudoers(5) file, and one's timestamp is expired, csp_sucp will forward the sudo password prompt. The given
      password will be echoed on the console!

  AUTHOR
      Joost van Baal-Ili

  SEE ALSO
      caspar(7) The caspar homepage is at http://mdcc.cx/caspar/ .

  csp_helper 20120514						      14 mai 2012						       csp_helper(1)