[sudo-users] Configuring the sudoers file for a DBA
christian.peper at kpn.com
christian.peper at kpn.com
Mon Dec 15 08:35:11 EST 2008
Chris,
Although I have no idea what smitty is... (machine? Program? Tool?)
You could also use a jail for this, couldn't you?
Search Google for 'jailkit' for an easy way to build them. Also very
useful for giving some functions to external people, e.g. over VPN.
Using sudo, it'ld be something like:
User_Alias DBA=user1,user2,%dbagroup
Cmd_Alias TOOL=/usr/bin/chfs
Host_Alias ORA=host1, host2, 192.168.0.0/16
DBA ORA = NOPASSWD: TOOL
This would the DBA users run the tool on any ORA host as root, without
needing the pwd.
BTW, this example was made simply by look at the outstanding examples on
the sudoers site:
http://www.gratisoft.us/sudo/man/sudoers.html#examples
Hope it helps!
Chris.
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of
> Chris.Schrimshaw at kub.org
> Sent: Monday, December 15, 2008 1:00 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Configuring the sudoers file for a DBA
>
> I need to give access to one of our DBA's to run chfs inside
> smitty so he can add space to his file system.
> I want to remove his root access later, but for now, I want
> to set it up so he can run chfs using smitty, get him used to
> using it and then yank his root access. What is the best way
> to set this up using the sudoers file?
>
> ABC03537 ALL = (root) NOPASSWD: /usr/bin/su - root
> (but some
> how add------- /usr/sbin/chfs)
>
> Chris
>
> ___________________
> Chris Schrimshaw
> AIX Systems Administrator
> Office: (865) 558-2017
> Fax: (865) 558-2808
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws> For list
> information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
More information about the sudo-users
mailing list