[sudo-users] need root access but only to ..
Russell Van Tassell
russell+sudo-users at loosenut.com
Thu Jun 9 16:03:56 EDT 2005
On Thu, Jun 09, 2005 at 09:55:33AM -0700, John Kerby wrote:
> # -------------User alias specification ----------------------------#
>
> User_Alias USERS = john
>
> # -----------------Runas alias specification -------------------------#
>
> Runas_Alias OP = root
>
> # -----------------Host alias specification ---------------------------#
>
> Host_Alias IBM = admin
>
> # --------------------Cmnd alias specification ----------------------#
>
> Cmnd_Alias SUPER = /usr/bin/, /usr/sbin/
>
> # -------------------------User specification ---------------------------#
>
>
> root ALL = (ALL) ALL
>
> #USERS IBM = (OP) /test/ <--- this one only allow acces to /test.
> #USERS IBM = (OP) ALL < --- this one allows root commands but to all filesystems.
> USERS IBM = (OP) SUPER ALL < ---- Dont work!!
User_Alias USERS = john
Runas_Alias OP = root
Cmnd_Alias SUPER = /usr/bin/*, /usr/sbin/*
USERS IBM = (OP) SUPER
...I'd also kill the root all/all/all, personally (it can allow chaining
of sudo commands to allow people shell access *as* root -- that is, more
than you might originally intend). Though, again personally, I'd also be
a lot more selective about what you give sudo privs to... (I also under-
stand that everyone's situation/environment is different, however)
--
Russell M. Van Tassell
russell at loosenut.com
Always remember that you are unique. Just like everyone else.
More information about the sudo-users
mailing list