sudo-users digest, Vol 1 #250 - 8 msgs

gregor.bekker at nl.abnamro.com gregor.bekker at nl.abnamro.com
Fri Oct 26 02:46:23 EDT 2001


Can people refrain from using HTML based or text markup tools. It is
irritating and hard to read.

TIA






sudo-users-request at courtesan.com@courtesan.com on 10/25/2001 07:01:07 PM

Please respond to sudo-users at courtesan.com

Sent by:  sudo-users-admin at courtesan.com


To:   sudo-users at courtesan.com
cc:
Subject:  sudo-users digest, Vol 1 #250 - 8 msgs


Send sudo-users mailing list submissions to
     sudo-users at courtesan.com

To subscribe or unsubscribe via the World Wide Web, visit
     http://www.courtesan.com/mailman/listinfo/sudo-users
or, via email, send a message with subject or body 'help' to
     sudo-users-request at courtesan.com

You can reach the person managing the list at
     sudo-users-admin at courtesan.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of sudo-users digest..."


Today's Topics:

   1. Re: Redirecting the Sudo log on HP Servers (Todd C. Miller)
   2. Using sudo with a menu/panel (Patrick Dwyer)
   3. RE: Redirecting the Sudo log on HP Servers (Brent Fortman)
   4. LD_* variables and sybase (Sue Blake)
   5. Re: LD_* variables and sybase (Rich Dempsey)
   6. email notice when user password fails (Henry, Michael)
   7. Re: LD_* variables and sybase (Todd C. Miller)
   8. Can I run sudo by passing (MUSTAFA.CAYCI)

--__--__--

Message: 1
To: "Patrick Dwyer" <padwyer at hotmail.com>
cc: sudo-users at courtesan.com
Subject: Re: Redirecting the Sudo log on HP Servers
Date: Wed, 24 Oct 2001 12:49:58 -0600
From: "Todd C. Miller" <Todd.Miller at courtesan.com>

In message <F216vDOv5y4FypKsEgJ0000f951 at hotmail.com>
     so spake "Patrick Dwyer" (padwyer):

> I was wondering if anyone knew the command to redirect the sudo
> log on HP servers to another log host? The log host is a DEC box.

You can do this by changing your syslog.conf file.  See the
second example in the sample.syslog.conf file that comes with
sudo.

 - todd

--__--__--

Message: 2
From: "Patrick Dwyer" <padwyer at hotmail.com>
To: sudo-users at courtesan.com
Subject: Using sudo with a menu/panel
Date: Wed, 24 Oct 2001 15:20:28 -0400

Hi folks,
In our development area, a programmer has created a menu/panel that
asks the user to input a two-character abbreviation of the client name.
So say the client was Burger King, you would input bk.  Now is
there a way to use sudo to work with that menu/panel?  So the user
would input the two letters and sudo would allow the user to su to the
shared account like client?? where the ?? equals the abbreviation like
bk?
If this is possible, what would the command look like in the sudoers
file?
Thank you very much for your help.
Patrick


--__--__--

Message: 3
From: Brent Fortman <Brent.Fortman at radioshack.com>
To: "'Patrick Dwyer'" <padwyer at hotmail.com>, sudo-users at courtesan.com
Subject: RE: Redirecting the Sudo log on HP Servers
Date: Wed, 24 Oct 2001 15:13:34 -0500


I never had any luck with the default sudo settings of local2, notice, and
LOG_ALERT - who knows, maybe it's an HPism.  I compiled a binary with the
following syslog options:

--with-logging=syslog
--with-logfac=local3
--with-goodpri=info
--with-badpri=alert

The corresponding /etc/syslog.conf is:

local3.alert           @<remote_hostname>
local3.info             @<remote_hostname>
*.info;local3,mail.none   /var/adm/syslog/syslog.log

With this alone, your messages will end up in the syslog on
"remote_hostname". If you want to have the sudo messages logged to a
separate log file on the remote_host, then you will need to modify the
syslog.conf on that system as well.  Might look something like this:

local3.info              /var/adm/sudo.log
local3.alert            /var/adm/sudo.log

Hope that helps.

Brent

-----Original Message-----
From: Patrick Dwyer [mailto:padwyer at hotmail.com]
Sent: Wednesday, October 24, 2001 7:49 AM
To: sudo-users at courtesan.com
Subject: Redirecting the Sudo log on HP Servers


Hi Everyone,
I was wondering if anyone knew the command to redirect the sudo log on HP
servers to another log host?  The log host is a DEC box.

Thank you,
Patrick



--__--__--

Message: 4
Date: Thu, 25 Oct 2001 06:22:05 +1000
From: Sue Blake <sue at welearn.com.au>
To: sudo-users at courtesan.com
Subject: LD_* variables and sybase

For safety reasons, sudo rightly refuses to pass LD_* environment
variables. As a consequence of this, I seem to be unable to
use sudo for the following task, which means that I may have to
let users have full access to a privileged account instead,
unless there's some other way.

We have a tru64 machine running sybase. The unix user sybase
must close down and start up sybase when required. Normally
there is no reason for anyone to actually log in as user
sybase, whose access privileges are very high.

There are times that operators or assistant sybase admins need
to shut down and restart sybase. Some of these people are not
very confident but they may need to act in an emergency when
nobody is around, using a menu I've set up for them.

Commands like
   sudo -u sybase <sybase command>
bomb out, because sybase can't find its libraries, and
   sudo -u sybase env
shows what's going on: they get everything except the LD variable.

I guess I could let them have something like
   sudo su - sybase
and hope for the best, but I doubt that's the most sensible way
of dealing with this. Besides, I want to keep saying "No, you
can't login as sybase, nobody even knows the password, I'll give
you sudo access to the commands that you need to run".

What would be the most sensible approach to this problem?

--

Regards,
        -*Sue*-


--__--__--

Message: 5
Date: Wed, 24 Oct 2001 16:41:25 -0400
To: sudo-users at courtesan.com
From: Rich Dempsey <dempsey at kodak.com>
Subject: Re: LD_* variables and sybase

Put the sybase command in a wrapper script:

sudo /etc/init.d/sybase restart

or

sudo -u sybase /sybase/etc/sybasectl stop

where /sybase/etc/sybasectl sets the environment variable
(it's too late now for sudo to undo it) and runs the command.

Rich

At 06:22 AM 10/25/2001 +1000, Sue Blake wrote:
>For safety reasons, sudo rightly refuses to pass LD_* environment
>variables. As a consequence of this, I seem to be unable to
>use sudo for the following task, which means that I may have to
>let users have full access to a privileged account instead,
>unless there's some other way.
>
>We have a tru64 machine running sybase. The unix user sybase
>must close down and start up sybase when required. Normally
>there is no reason for anyone to actually log in as user
>sybase, whose access privileges are very high.
>
>There are times that operators or assistant sybase admins need
>to shut down and restart sybase. Some of these people are not
>very confident but they may need to act in an emergency when
>nobody is around, using a menu I've set up for them.
>
>Commands like
>   sudo -u sybase <sybase command>
>bomb out, because sybase can't find its libraries, and
>   sudo -u sybase env
>shows what's going on: they get everything except the LD variable.
>
>I guess I could let them have something like
>   sudo su - sybase
>and hope for the best, but I doubt that's the most sensible way
>of dealing with this. Besides, I want to keep saying "No, you
>can't login as sybase, nobody even knows the password, I'll give
>you sudo access to the commands that you need to run".
>
>What would be the most sensible approach to this problem?
>
>--
>
>Regards,
>        -*Sue*-

--

Richard C. Dempsey              email: dempsey at kodak.com
Kodak.com                       pager: 716-975-3539
3rd Floor, Bldg 16, KO          phone: 716-781-5232
Eastman Kodak Company
Rochester, NY 14650-0706


--__--__--

Message: 6
From: "Henry, Michael" <michael.henry at eds.com>
To: "'sudo-users at courtesan.com'" <sudo-users at courtesan.com>
Subject: email notice when user password fails
Date: Wed, 24 Oct 2001 16:47:52 -0400

Is there a way to get notified when a user types in an invalid password when
using sudo?
Example below.

I need e-mail notification when a sudo - invalid password fails

Thanks





We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts


Michael Henry
SunSA - Charlotte, NC
phone: (704) 549-5328
pager: 866-681-2827
cell: (704) 634-0027
email: michael.henry at eds.com



--__--__--

Message: 7
To: Sue Blake <sue at welearn.com.au>
cc: sudo-users at courtesan.com
Subject: Re: LD_* variables and sybase
Date: Wed, 24 Oct 2001 14:48:56 -0600
From: "Todd C. Miller" <Todd.Miller at courtesan.com>

Typically the way this is achieved is to write a shell wrapper
around the command in question that sets the LD_* variables as
needed and then execs the command.  You then give the users sudo
for that script.

 - todd
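
Added example, not part of the original messages: the wrapper approach
described in messages 5 and 7, written as a POSIX shell script that accepts
only a fixed set of actions and builds its environment from constants.
SYBASE_HOME, the library directory, the use of LD_LIBRARY_PATH, the
start_sybase/stop_sybase names and the OPERATORS alias are assumptions.

```shell
#!/bin/sh
# Added example: install as /sybase/etc/sybasectl, owned by root, mode 0755,
# in a directory only root can write to. Matching sudoers entry (OPERATORS is
# a hypothetical User_Alias):
#   OPERATORS ALL = (sybase) /sybase/etc/sybasectl start, /sybase/etc/sybasectl stop
# Operators then run:  sudo -u sybase /sybase/etc/sybasectl stop

SYBASE_HOME=/sybase    # assumed install root

# Map the one permitted argument to a fixed command path. The caller's text
# is never passed to a shell, so "stop; sh" or "../bin/sh" is simply refused.
sybase_cmd() {
    case "$1" in
        start) echo "$SYBASE_HOME/bin/start_sybase" ;;  # hypothetical name
        stop)  echo "$SYBASE_HOME/bin/stop_sybase" ;;   # hypothetical name
        *)     return 1 ;;
    esac
}

# Build the environment from constants only. sudo has already dropped the
# caller's LD_* variables; the wrapper supplies the value sybase needs.
set_fixed_env() {
    PATH=/usr/bin:/bin
    LD_LIBRARY_PATH=$SYBASE_HOME/lib   # assumed library directory
    export PATH LD_LIBRARY_PATH
}

main() {
    if [ $# -ne 1 ] || ! cmd=$(sybase_cmd "$1"); then
        echo "usage: sybasectl start|stop" >&2
        exit 64
    fi
    set_fixed_env
    exec "$cmd"
}

# Run only when invoked under the installed name, so the functions above can
# be sourced and checked without starting or stopping anything.
case "$0" in
    */sybasectl|sybasectl) main "$@" ;;
esac
```

Listing each action in sudoers, rather than the bare script path, keeps sudo
from accepting extra arguments before the wrapper ever sees them.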

--__--__--

Message: 8
Date: Thu, 25 Oct 2001 07:58:02 -0800 (GMT-08:00)
From: "MUSTAFA.CAYCI" <MUSTAFA.CAYCI at oracle.com>
To: sudo-users at courtesan.com
Subject: Can I run sudo by passing

I am trying to run sudo in a shell script as such:

sudo httpdsctl startall <<EOF
password
EOF

It is still asking me to enter the password and ignoring the password in
pipe.  Can this be done?

Thanks,

Mustafa


--__--__--

____________________________________________________________
sudo-users mailing list <sudo-users at courtesan.com>
For list information, options, or to unsubscribe, visit:
http://www.courtesan.com/mailman/listinfo/sudo-users

End of sudo-users Digest







