You have to check the kind of command, some are external files like /usr/bin/who, others, cd for example, are shell builtins.
try this in ksh or bash:
You can use type to differentiate between things sudo can and cannot do.
BTW: if you grant sudo to that user for everything, you have given him/her complete control of the box. There is a file, /etc/sudoers, that lets you control commands like shutdown.
I think this is the wrong way to tackle the problem: sudo is for allowing users to execute commands they are normally not allowed to use. For instance: "shutdown" is only allowed for user "root", but you want to allow a specific user (other than root) to use this too (but not the other commands root is allowed to run). For this you create a sudo rule.
It doesn't make sense to control execution of each and every command in the system with sudo, because for this the normal filesystem flags (r-w-x) are sufficient. If you want all (normal) users not to use a specific command simply remove the x-flag from the executable and be done.
If you still need to use sudo at all after taking these considerations you could rewrite your code the following way:
You will have to make sure in /etc/sudoers that "sudo -l" doesn't require a password, of course.
bakunin is correct. Turning off/on each possible command is a waste of effort. Conversely, granting a blanket sudo to a user is promoting that user to a sysadmin, which is really a bad idea. For a variety of reasons.
sudo should be set up for a given user to do specific tasks.
We have "role" user accounts, that can only be accessed via su. These users are application owners, and can do maintenance, etc., on an app. That may be what you really want.
I know some commands are useless but I really don't want to complicate the end user and I need to have almost the same functionality as the normal shell
thanks a lot I' am going to try what you wrote here
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error.
Command:
sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh
Error:
sudo: sorry,... (8 Replies)
Hi All,
I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing
"sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run?
sudo.log only contains sudo event, no activity logging. (3 Replies)
we are looking at changing the way we get root on our network.
in our current system if an admin needs root access he just gets the root password and uses an su.
some of our staff have decided that a sudo to "/bin/sh" will be easer.
some of our staff think a sudo to "su -" will be better.
I... (0 Replies)
Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks!
When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error:
exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Hi all:
I am running sudo version 1.6.6. I would like to avoid any user the "sudo -s" command which opens a terminal giving the user full root access just like a root user essentially negating sudo. Is there any way to prevent users from giving this command ?
Your help in this is appreciated.
... (1 Reply)