i have tried to use a sudo command from a user level . but instead of asking for user password it asked for root password . how should i go about it .
And i wish to ask how should i allow a list of command to be allowed to used for a member of a particular group in SUDOERS FILE. i dont know how to formulate in the below code from sudoers file
Interesting. I hadn't heard of this before, but from some quick Googlings it seems that this is the default behaviour of sudo on openSUSE. If you edit the sudoers file you'll probably find a line like this:
Defaults targetpw
If you comment that line out, then sudo should prompt for the user's own password rather than the password for the root account.
On to your second point, specifying commands a user or group can run. That can be done with an entry like this (in this case, I'm specifying the commands that members of the unixforum group can run without being prompted for a password):
thank you very much drysdalk for correct and prompt answer.
may i ask why percentage in front of uniform group name is written ..does it has special meaning.
and from the above code , is there a special way of representing if its username or group name.
---------- Post updated at 11:29 AM ---------- Previous update was at 10:34 AM ----------
i have tried to make a particular user name james to able to open and edit sudoers file . but seems something went wrong . can u help me out with that
The percent sign (%) at the start of the line signifies that this is a UNIX group name, and not a username. So it will affect all members of the group called unixforum, and not simply one single user. Lines without a percent symbol would affect only individual users and not groups.
The point of the sudoers file is to specify commands that users can run, not to list all the files or things they can access. So putting the sudoers file itself in the sudoers file doesn't actually make any sense. You also missed out the space between the colon and the command list, which may be important in your implementation.
So, if you wanted to give the user james permission to use sudo to edit the sudoers file, you'd actually want a line like this:
james ALL=NOPASSWD: /usr/sbin/visudo
It's worth pointing out that this isn't actually a good idea at all. Letting a user edit the sudoers file themselves via sudo is very dangerous and not at all secure, since they could then give themselves permission to run anything at all. If you're going to do that you might as well let the user run any and all commands without a password, since all you're really using sudo for at that point is to get a passwordless su.
There is a book called "Sudo Mastery- User Access Control for Real People" by Michael W Lucas. I find it very useful for understanding the sudo configuration as he explains it in simple terms.
Last edited by Don Cragun; 03-28-2017 at 01:30 AM..
i do not have root on a solairs 10 server , however i do have the root role, i was wondering if I can change the root password as a a role with the passwd command? I have not tried yet.
and do i have to use the # chgkey -p afterwards?
i need to patch is why i am asking.
thanks (1 Reply)
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Hi All
I had installed sudo in HP UX 11.3 and it is working fine but not able to make entry required to set permission similar to ROOT without using password (PASSWD) change option for define user in /etc/sudoers file
Please help if some know the syntex? :confused::wall: (2 Replies)
Hi All
Hope it's okay to post on this sub-forum, couldn't find a better place
I've got a 480R running solaris 8 with veritas volume manager managing all filesystems, including an encapsulated root disk (I believe the root disk is encapsulated as one of the root mirror disks has an entry under... (1 Reply)
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Hi,
Whenever I open my unix box,after providing username and password I get the following message.
Are you authorised to use this computer as detailed above? (Y)es/(N)o : y
Export: Release 10.2.0.2.0 - Production on Mon May 16 16:00:15 2011
Copyright (c) 1982, 2005, Oracle. All rights... (5 Replies)
Hello All,
I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Hi All
Plz guide me in setting ssh on local machine so that password will not be asked.
I have written a script abc.ksh on machineA to execute a script sampletest.ksh available on machineB
Conent of abc.ksh is as follows
ssh -q bali@machineB sh ClaimGenFeed/claim/sampletest.ksh... (1 Reply)
Hi all..
I'm secering a RH 2.1 server, with gnome (not my choice...), as X manager.
Is ther anyway to get sudo ask for root password other then the actual user's password? Like when you launch the graphical IHM to create a new user, it asks for root's password? Is there a way to do the same... (5 Replies)