10 More Discussions You Might Find Interesting
1. Red Hat
Hi,
I wanted add a group to the sudoers file so they can run sudo commands and blocked su command but it seems they can just run sudo -i to switch to root which defeats my purpose.
Is it possible to block sudo -i with the help of sudoers file or any other way.
Please advise.
The below... (1 Reply)
Discussion started by: Jartan
1 Replies
2. AIX
hi,
I want to restrict some user access to only 1 directory (including all sub-directories/files in it).
can you please explain me, how can we do this?
example;
Filesystem GB blocks Used Free %Used Mounted on
/dev/hd4 2.61 1.02 1.59 40% /
/dev/hd2 ... (7 Replies)
Discussion started by: aaron8667
7 Replies
3. Shell Programming and Scripting
My git user has permission in sudoers to run a wrapper script to move files into my webroot.
Everything is working fine except for the chown line. After the script has run, the files ar still root:root instead of apache:apache.
Scratching my head...:confused:
#!/bin/sh
echo
echo "****... (4 Replies)
Discussion started by: dheian
4 Replies
4. Shell Programming and Scripting
does anyone know how to exclude a directory with chown or chmod?
im trying to do something like this
chown $username:$username $directory/*
chown $username:$username $directory/.*
chown $username:$username $directory
and
find $directory/* -type f -exec... (1 Reply)
Discussion started by: vanessafan99
1 Replies
5. Ubuntu
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Hi Folks,
Please help me. I am bit struck here.
Here is the OS info.
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
I have a... (17 Replies)
Discussion started by: explorer007
17 Replies
6. OS X (Apple)
I was following a tutorial on installing Homebrew and I changed the ownership of /usr/local/ to me. Now McAfee Security won't start This is the exact line I typed:
sudo chown -R `whoami` /usr/local
Then I tried to fix it with:
sudo chown -R root /usr/local
I still can't start mcafee. It say... (7 Replies)
Discussion started by: chancho
7 Replies
7. Shell Programming and Scripting
Hi All,
I need your help in changing the owner of a directory.
I have a created a direcotry TEST with user "abc"....for the group "ftp".
Now i wnated to change the owner of the directory TEST.
i used the below command to do so:
chown abc:sftp TEST
This is giving me an error... (5 Replies)
Discussion started by: ch33ry
5 Replies
8. Red Hat
Hi
I have a Fedora10 server and i need a particular user to view files only in a particular folder.
All other files in other folders having "read" permission for all shouldn't be accessible to this user.
Please let me know if ther's a way.
Thanks,
HG (5 Replies)
Discussion started by: Hari_Ganesh
5 Replies
9. UNIX for Dummies Questions & Answers
Hi
I executed command "chown -R xxx:xxx /" with user root... and it was too late when I found the mistake. Ownership of some files under the root directory had already become xxx:xxx. Is there a way that can recovery the ownership of all my files back to the point where they were? I really thanks. (2 Replies)
Discussion started by: password636
2 Replies
10. UNIX for Dummies Questions & Answers
Hi every1,
There is a folder with .lst files which has email id's of our project group.
I want to find files which has my email id starting with sachin but i dont want find command to search subdirectories. I have read about prune but i didnt understand that. I am pretty new in this field.... (7 Replies)
Discussion started by: sachin.gangadha
7 Replies
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)