I am using SUSE Linux Enterprise Server 10 SP2 (i586) and I had earlier amended my sudoers file to allow users to become root user with the "sudo su -" command.
Now I am trying to add multiple users to the sudoers file to run several commands such as restarting the server, restarting the nagios services and, for test purposes, to edit the sudoers file (won't be implemented, it's just for test purposes).
When I had defined the host, user, and command alias in the sudoers file as such, I wasn't able to save the file. I kept getting this message:
Code:
>>> sudoers file: syntax error, line 13 <<<
sudo: parse error in /etc/sudoers near line 13
followed by options if I'd like to continue to edit, quit or save and exit (dangerous)
And this is how my sudoers file looks:
Code:
my-mnag0:/etc # more sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias LAN = my-mnag.os.itelligence.com.my
# User alias specification
User_Alias GHELPDESK = test
# Cmnd alias specification
Cmnd_Alias SUDO = visudo
# Defaults specification
Defaults logfile=/var/log/sudo.log, log_year
# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
# Runas alias specification
GHELPDESK LAN = SUDO
# User privilege specification
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%infra ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h no
changes are in different color and in bold
So what did I do wrong?
And yes, user test exists on the server:
Code:
my-mnag0:/etc # finger test
Login: test Name: test
Directory: /home/test Shell: /bin/sh
Never logged in.
No Mail.
No Plan.
my-mnag0:/etc #
I made the changes above but when I logged on as the test user I am still not able to edit the sudoers file. I am getting permission denied and command not found errors:
Code:
my-mnag0:~$ cd /etc
my-mnag0:/etc$ visudo
-sh: visudo: command not found
my-mnag0:/etc$ vi sudoers
---------- Post updated at 07:39 PM ---------- Previous update was at 07:36 PM ----------
And when a normal user attempted to "sudo su -" to become root, it fails because of this parse error in the sudoers file:
Code:
my9849
my9849@my-mnag0:~> sudo su -
>>> sudoers file: syntax error, line 17 <<<
sudo: parse error in /etc/sudoers near line 17
my-mnag0:~ # visudo
Warning: undeclared Cmnd_Alias `SUDO' referenced near line 39
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias LAN = my-mnag.os.itelligence.com.my
# User alias specification
User_Alias GHELPDESK = test
# Cmnd alias specification
Cmnd_Alias SUDO = visudo
# Defaults specification
Defaults log_year, logfile=/var/log/sudo.log
# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
# Runas alias specification
GHELPDESK LAN = SUDO
# User privilege specification
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%infra ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
So I had to log in as root and revert all changes. Would it work if I defined specific commands for multiple users at the end of the sudoers file?
Last edited by hedkandi; 11-30-2011 at 11:41 PM..
Reason: forgot to close code syntax
And while running the command you still need to give the full path:
Code:
> sudo /usr/sbin/visudo
I would also recommend you to use Yast, I know you may not be used to it, but it works like a charm once you get confident with it.
You can find free training materials at the link below, they are a little bit old, but as you are dealing with SLES 10, you will not notice it. :-)
Anyway, I just amended what you had provided and guess what?
Code:
my-mnag0:~$ sudo /usr/sbin/visudo
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
test's password:
test is not allowed to run sudo on my-mnag0. This incident will be reported.
Do I have to add the test user to the sysadm group or something?
my-mnag0:~$ sudo /usr/sbin/visudo
test's password:
test is not allowed to run sudo on my-mnag0. This incident will be reported.
my-mnag0:~$ date
Fri Dec 2 12:12:24 MYT 2011
Code:
# Host alias specification
Host_Alias LAN = my-mnag.os.itelligence.com.my
# User alias specification
User_Alias GHELPDESK = test
# Cmnd alias specification
Cmnd_Alias SUDO = /usr/bin/visudo
# Defaults specification
Defaults log_year, logfile=/var/log/sudo.log
# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset
# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
# Runas alias specification
Runas_Alias ROOT = root
# User privilege specification
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
%infra ALL=(ALL) ALL
GHELPDESK LAN = (ROOT) SUDO
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
#%test localhost=/sbin/shutdown -h now
Can we try with a different command? (i.e. start/stop a service such as httpd or something like that)
Last edited by hedkandi; 12-01-2011 at 11:54 PM..
Reason: red highlights
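The following check is an added example, not part of any post in this thread: it reads the alias lines and the GHELPDESK rule from the last sudoers file posted above and lists why a given user, host and command would not match. The function names are hypothetical, the parser only handles the one-line entries used in this thread, and the host name `my-mnag0` is taken from sudo's own "not allowed to run sudo on my-mnag0" message.

```python
import re

# Constructed sample: alias lines and the GHELPDESK rule from the last file posted above.
SAMPLE = """\
Host_Alias LAN = my-mnag.os.itelligence.com.my
User_Alias GHELPDESK = test
Cmnd_Alias SUDO = /usr/bin/visudo
Runas_Alias ROOT = root
GHELPDESK LAN = (ROOT) SUDO
"""

ALIAS_RE = re.compile(r"^(Host|User|Cmnd|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")

def split_list(value):
    return [item.strip() for item in value.split(",")]

def parse(text):
    """Parse the one-line subset of sudoers used in the thread into (aliases, rules)."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (no '#uid' support here)
        if not line or line.startswith("Defaults"):
            continue
        alias, rule = ALIAS_RE.match(line), RULE_RE.match(line)
        if alias:
            aliases[(alias.group(1), alias.group(2))] = split_list(alias.group(3))
        elif rule:
            rules.append((rule.group(1), rule.group(2), split_list(rule.group(3))))
    return aliases, rules

def explain(text, user, host, command):
    """Return the reasons sudo would refuse `command` for `user` on `host`."""
    aliases, rules = parse(text)
    expand = lambda kind, names: [m for n in names for m in aliases.get((kind, n), [n])]
    problems = [f"Cmnd_Alias {name}: '{m}' is not an absolute path"
                for (kind, name), members in aliases.items() if kind == "Cmnd"
                for m in members if m != "ALL" and not m.startswith("/")]
    mine = [r for r in rules if {user, "ALL"} & set(expand("User", [r[0]]))]
    if not mine:
        problems.append(f"no rule names user '{user}'")
    for who, where, cmds in mine:
        hosts = expand("Host", [where])
        paths = [c.split()[0] for c in expand("Cmnd", cmds)]
        if not {host, "ALL"} & set(hosts):
            problems.append(f"{who}: host list {hosts} does not include '{host}'")
        if not {command, "ALL"} & set(paths):
            problems.append(f"{who}: allowed commands {paths} do not include '{command}'")
    return problems
```

Calling `explain(SAMPLE, "test", "my-mnag0", "/usr/sbin/visudo")` reports two mismatches: the Host_Alias entry differs from the host name sudo prints, and the Cmnd_Alias path differs from the path typed on the command line. With `visudo` in place of the full path, as in the first file, it also reports the relative command name.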