[sudo-users] HOWTO allow "near-root" access level
Edilmar Alves - Lista
edilista at fes.br
Tue Nov 16 20:08:38 EST 2004
Aaron Spangler escreveu:
>On Thu, 11 Nov 2004 20:15:08 -0300, Edilmar Alves - Lista
><edilista at fes.br> wrote:
>
>
>>Hi,
>>
>>I'm teacher of Linux Administration course.
>>
>>Then, actually the students use a user of "root-group",
>>to allow them to:
>>1) start/stop services (named, httpd, proftpd, postfix, squid, sshd,
>>xinetd, smbd, nfsd, ...)
>>
>>
>
>Give them access to the 'service' command.
>
>$ service named stop
>$ service sshd restart
>$ service postfix start
>
This worked fine.
>
>
>
>>2) modify config files (named.conf, httpd.conf, ...)
>>
>>
>
>Give them sudoedit access to certain files
>
I didn't find the sudoedit option in my sudo 1.6.7p5.
Where do I put this option? In sudoers? In "man sudo" and "man sudoers"
I didn't find too.
>
>
>
>>3) read/modify log files (/var/log/*)
>>
>>
>
>Give them sudoedit access to other (or all) files
>
>
>
>>4) useradd, userdel, usermod, chown, chmod, chgrp, ...
>>
>>
>>
>
>Grant them specific access to each of these commands.
>
Fine.
>
>
>
>>However, I would like to know if it's possible to configure SUDO to all
>>these configs.
>>For example, how to configure SUDO to allow some student to make
>>maintence of named
>>(start/stop, modify /var/named/chroot/all subdirs and files, modify
>>/var/log/messages, ...)
>>
>>PS: I'm using Fedora Core 2.
>>
>>Thanks for any help,
>>
>>
>>
>
>Do a 'man sudoers'. It gives some good examples on how to impliment
>user alises and command aliases. If it doesn't work the way you think
>it should, give us another shout.
>
> -Aaron
>
>
>
>>____________________________________________________________
>>sudo-users mailing list <sudo-users at sudo.ws>
>>For list information, options, or to unsubscribe, visit:
>>http://www.sudo.ws/mailman/listinfo/sudo-users
>>
>>
>>
>
>
>
>
More information about the sudo-users
mailing list