Login or Register to Ask a Question and Join Our Community


UNIX for Dummies Questions & Answers

Sudoers for one day per week?

 
Thread Tools Search this Thread
Top Forums UNIX for Dummies Questions & Answers Sudoers for one day per week?
# 1  
Old 03-28-2014
Sudoers for one day per week?
I have been volunteered by my boss to be the sysadmin for our production redhat server. He asked me to tighten the security to avoid mishaps like "rm -f *" that occured not long ago.

Right now, we have 53 users sudo-ing into the machine and it is an audit nightmare. I am wondering if it possible to allow user access only on specific days of the week.

For example, can I have user 'Joe' allowed to login on Tuesdays and Thursdays ONLY and 'Jane' only on Sundays? Can "etc/sudoers" be customized to allow this?

Is there a better way instead of using sudoers?
# 2  
Old 03-28-2014
53 people using sudo why not but 53 people sudo root??

Well a better way would be to know what for, and allow sudo to specific commands (we do that by groups, but sudoers file is pages after...)
Why do they need sudo?
Last edited by vbe; 03-28-2014 at 02:55 PM..
# 3  
Old 03-28-2014
That you have 53 users using sudo, is certainly far better than 53 users using root! Smilie

sudo does not appear to support this directly, but sudo uses pam, which does have time-based limits. I'm not quite sure how to apply them here however.
# 4  
Old 03-28-2014
Quote:
Originally Posted by vbe
53 people using sudo why not but 53 people sudo root??

Well a better way would be to know what for, and allow sudo to specific commands (we do that by groups, but sudoers file is pages after...)
Why do they need sudo?
Why do they need sudo? Unknown...this was setup that way before I joined this team.

The majority of the users do create and mod ksh scripts which can affect database processes as well as data. Many mistakes were made which cause prod issues.

At least, the majority of users should not be able to use vi, cp, mv and rm.
# 5  
Old 03-28-2014
Quote:
Originally Posted by alan

For example, can I have user 'Joe' allowed to login on Tuesdays and Thursdays ONLY and 'Jane' only on Sundays? Can "etc/sudoers" be customized to allow this?

Is there a better way instead of using sudoers?

Yes, this can be a good idea.

I suggest you write a cron script that copies sudoers files with different configurations.

For example you create an sudoers file that does not permit sudoers (if that is what you want) and then keep that file in place (but make a copy); then on "Monday" for example, copy your current sudoers file in place which permits sudoers.

Then when Monday is "over" then copy your restrictive sudoers file in place.

This method can be very effective and you can control how users su "by the minute" if that pleases you. You can create any combination of permissions in sudoers files and move these files in and out of place as you like.
These 2 Users Gave Thanks to Neo For This Post:
alan Corona688
# 6  
Old 03-28-2014
This reminds me of a site I worked for 20 years ago... to do anything you had to be root...

All users should use vi cp mv and rm with caution ( write a script that does rm -i ... or add that as an alias in /etc/profile...) but then you should have groups defined ( by application ? ) where group members are allowed to modify files or add files to thouse group directories and others not...

Hey not bad Neo! Quite original the usage of many sudoers and cron...
# 7  
Old 03-29-2014
Quote:
Originally Posted by Neo
Yes, this can be a good idea.

I suggest you write a cron script that copies sudoers files with different configurations.

For example you create an sudoers file that does not permit sudoers (if that is what you want) and then keep that file in place (but make a copy); then on "Monday" for example, copy your current sudoers file in place which permits sudoers.

Then when Monday is "over" then copy your restrictive sudoers file in place.

This method can be very effective and you can control how users su "by the minute" if that pleases you. You can create any combination of permissions in sudoers files and move these files in and out of place as you like.
Neo, thank you. It seems like a much easier solution to implement for a n00b like me. A buddy suggested using PAM with sudo but to be honest, it is a bit out of my league.
 
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Get the week's day

Hi All, I have the below requirement , if i give the week number for ex 41 i need to get the date for Monday and thursday for this given week. my expected output is 13/10/2014 (Monday's date) and 16/10/2014 (Thursday's date) I am using GNU LINUX . Pls help me with your thoughts. Thanks in... (7 Replies)
Discussion started by: mohanalakshmi
7 Replies

2. HP-UX

Find Day of Week

In HP-UX the date command does not have the "-d" switch like some other *nixes do. I'm working a simple script to tell me, given the day, month and year what day of the week that falls on. Assuming valid day, month and year input (I'd perform quality checks on the input separately, but not... (5 Replies)
Discussion started by: rwuerth
5 Replies

3. UNIX for Dummies Questions & Answers

Day of the week from a string

Hi All, I need to know how to derive the day of the week by passing the value in following format: Feb 28 2010 The output I'm expecting is Sunday or Sun. I know, I can use the following code to get the day of the week. date +%a But I want to pass the value as a string. Please help... (11 Replies)
Discussion started by: shash
11 Replies

4. Shell Programming and Scripting

Get day of week from cal

Hi all, I am trying to get dow from cal using below script #! /bin/bash YEAR=`echo $1 | cut -c 1-4` MONTH=`echo $1 | cut -c 5-6` DAY=`echo $1 | cut -c 7-8` for i in 1 2 3 4 5 6 7 do dayofweek=`cal $MONTH $YEAR | awk '$i == $DAY {printf("%s","$i")}'` echo $dayofweek... (4 Replies)
Discussion started by: bzylg
4 Replies

5. UNIX and Linux Applications

Day of week different in windows and Linux

Hi all, My program is getting date from database (oracle) and am getting that date's day of week also. In windows its giving one number and different in linux ;) For Example: 30 - Jun - 2009 Am getting 2 in windows and 3 in Linux. Am not understanding whats going wrong.. Am... (3 Replies)
Discussion started by: rajinavaneethan
3 Replies

6. HP-UX

Get Day of Week from date

Hi All, I have date in string format 'YYYY-MM-DD'. I want to know day of the week for this date. Example. For '2005-08-21' my script should return '0' or Sunday For '2005-08-22' it should return '1' or Monday I want piece of code for HP-UX korn shell. Appreciate reply on this. (5 Replies)
Discussion started by: vpapaiya
5 Replies

7. UNIX for Dummies Questions & Answers

Changing First Day Of The Week?

Hi All, Our system is running on Solaris 8 and we are using US locale. By default the First Day Of Week is Sunday, is it possible for us to change it to Monday? I have googled it but found very little of use. THanks in advance. (2 Replies)
Discussion started by: fowlerleftfoot
2 Replies

8. Shell Programming and Scripting

Yesterday's Day of week

I need o get yesterday's day of week but im not exactly sure. the actual name is what i want. I can do it with numbers but im not sure with words. (3 Replies)
Discussion started by: rcunn87
3 Replies

9. Programming

Function that gets the day of the week (0-6) ??

Hi , I am working at Unix system,using c lang. I need c fun which return the day of the week . For example : 0- Sunday. 1- Monday. .... 10x. (4 Replies)
Discussion started by: kamil
4 Replies

10. UNIX for Dummies Questions & Answers

Calculating the day of the week

Hi all, I would like to calculate the day of the week using a supplied date. i.e. 20011012 = Day 5. Any ideas? Many thanks, ligs (4 Replies)
Discussion started by: ligs
4 Replies
Login or Register to Ask a Question