[sudo-users] Absolute Paths in sudoers

Huibert.Kivits at mail.ing.nl Huibert.Kivits at mail.ing.nl
Wed Dec 7 08:47:40 EST 2005


Hi Jimmy,

You could create aliases in either user profiles, user group profiles or even system wide profiles.
 alias vibp="sudo vi /usr/openv/netbackup/bp.conf"

It works. But this solution would create a lot of maintenance work for sysadmins and/or security admins.

There is a simple and effective alternative. Educate your users to first list their sudo authorizations with the "sudo -l" command.
Copy, paste, done. Easy as pie.

Met vriendelijke groeten / With kind regards / Mit freundlichen Grüßen / Med vänliga hälsningar / nuosirdziausi linkejimai,


Huibert Kivits


"...all too often, when organizations develop information security programs, they treat security issues as a simple 'check-box' on the list of required corporate functions."
Richard Forno & Kenneth R van Wyk, "Incident Response", O'Reilly, 2001, ISBN: 0-596-00130-4



-----Oorspronkelijk bericht-----
Van: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] Namens Covington, Jimmy D. (NGIT)
Verzonden: woensdag 7 december 2005 14:28
Aan: 'sudo-users at sudo.ws'
Onderwerp: [sudo-users] Absolute Paths in sudoers


I am running sudoers from Sun One Directory Server (LDAP). I have a commands setup for a user to vi a file. The problem is that he must type in the full path of the filename just as it states in the sudoers. So if sudoers says /usr/local/bin/sudo vi /usr/openv/netbackup/bp.conf, he has to type in sudo vi /usr/openv/netbackup/bp.conf in order for it to work instead of typing sudo vi ./bp.conf. How do I fix this?
 
Jim Covington
Senior UNIX Engineer
 
Sapphire Technologies, Inc.
Austin Automation Center
Austin, Texas 78772
(512) 326-6635
 
____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit: http://www.sudo.ws/mailman/listinfo/sudo-users
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------





More information about the sudo-users mailing list