1. I have user temp1 belonging to techx group
2. We have user tomcat belonging to webadm group
3. We have user root belonging to root group.
My requirement is temp1 user should be able to sudo to any user belonging to webadm group and then from webadm group to sudo to root i.e temp1 -> tomcat -> root
I made the below changes in bold to the sudoers file using visudo to fulfill the above requirement.
But for some strange reason temp1 is able to directly sudo to root bypassing webadm group's user as u can see below.
Can you please point out what is incorrect with my sudoers file above becoz of which it cant enforce users to techx to sudo to users of webadm and then eventually to root group ?
Last edited by rbatte1; 09-05-2017 at 10:18 AM..
Reason: Code tags
That "ALL:" goes a lot farther than you think it does. You're taking the list of all possible users then adding "webadm" to it.
By pure luck I faced the exact same problem a while ago, here is the syntax I wound up with:
It'd be just username, not %username, for anything not a group.
That "ALL:" goes a lot farther than you think it does. You're taking the list of all possible users then adding "webadm" to it.
By pure luck I faced the exact same problem a while ago, here is the syntax I wound up with:
It'd be just username, not %username, for anything not a group.
Hi,
I have several employees of whom we have created Linux user ids as below.
fred
mohtashim
jhon
matt
croft
....
$ id
uid=1018(jhon) gid=1003(techx) groups=1003(techx) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Note: All my employee users belong to techx... (3 Replies)
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Hi
using Solaris 10. trying to update /etc/sudoers file
I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message
sudo su -
>>> sudoers file: parse error, line 9 <<<
>>> sudoers file: parse error, line 9 <<<
... (2 Replies)
Hello,
Recently our team noticed access to groups had not been revoked per sudo file.
We currently have around 160 AIX LPARS.
I am hoping someone can help me write a script that would copy all sudoers file at each machine and dump into 1 large file for me to review.
I have public... (1 Reply)
i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password.
my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp.
Thank you.
... (2 Replies)
root@dervish # cat /etc/sudoers
cat: cannot open /etc/sudoers
This is what I get when I try to search for the sudoers files. I want to create a user by name jda and assign him root privileges. How can I do that using sudo command and editing sudoers file.
Please help me. (12 Replies)
What is the difference between ALL and localhost in the bellow?
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Thank you. (2 Replies)
Does anyone know of a utility that can parse through a sudoers file and create an "expansion" dump of all users defined in the User Specification, outputting user, host, and command based on all defined Aliases? (3 Replies)
Hi,
I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password.
Can someone tell me what's wrong with my file?
It's not working when I 'sudo SHUTDOWN' command:
sudo: SHUTDOWN: command not found
Thanks a lot!
# Host alias specification... (4 Replies)