[sudo-users] Question on functionality

Phil Wild philwild at gmail.com
Sun Jan 13 23:13:07 EST 2008


Hello sudo-users,

I am new to the list but have used sudo for simple tasks previously.

I have a requirement to use sudo to protect production systems. We had
an issue where a DBA ran a command on a production host that he was
supposed to run elsewhere. We are trying to come up with a way of
making it hard for this type of thing to happen again.

What I want to do is:

Turn the oracle account into a role and remove the password.
Set up the DBAs so that they can run everything they want bar a
certain list of commands as the oracle user.
Allow them to do this without a password.

I am then going to rename sudo to the hostname, so to run anything on
the host they log into the host and type "hostname command parameters
etc etc". This is going to be a bit painful but will ensure they run what
they run where they expect it to run...

I think all the above is possible but I would be interested in
comments on the concept...

Also, the DBAs set environment variables which point them to a target
database for interactive commands. Any ideas on a way to handle this,
as I assume they will not be passed through the sudo command?

Cheers

Phil

-- 
Tel: 0400 466 952
Fax: 0433 123 226
email: philwild at gmail.com
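
The setup asked about above, written as a sudoers fragment. This is an added example, not part of the original post and not an official sudo sample; it suits the stated goal of preventing mistakes rather than stopping a determined user.
Assumptions: the DBAs are in a Unix group named dba, the denied and allowed command paths are placeholders, and ORACLE_SID, ORACLE_HOME and TWO_TASK are the variables that select the target database.

```sudoers
# /etc/sudoers.d/dba   (edit with: visudo -f /etc/sudoers.d/dba)
# Added example. Group name "dba" and all command paths are assumptions.

# Commands the DBAs must not run as oracle on this host
# (placeholder paths, replace with the real list).
Cmnd_Alias DBA_DENIED = /path/to/denied_command_1, \
                        /path/to/denied_command_2

# sudo resets the environment when env_reset is on; env_keep lists the
# variables that survive. These names are assumed to be the ones the
# DBAs use to point at a target database.
Defaults:%dba env_keep += "ORACLE_SID ORACLE_HOME TWO_TASK"

# Form described in the post: everything as oracle, no password,
# except the denied list.
%dba ALL = (oracle) NOPASSWD: ALL, !DBA_DENIED

# The sudoers manual notes that subtracting commands from ALL with "!"
# is generally not effective, because the same program can be run
# under another name. If the restriction has to hold, list what is
# allowed instead (placeholder paths):
#
# Cmnd_Alias DBA_ALLOWED = /path/to/allowed_command_1, \
#                          /path/to/allowed_command_2
# %dba ALL = (oracle) NOPASSWD: DBA_ALLOWED
```

Running `sudo -l` as a member of the group shows the rules and Defaults that apply to that user on the host.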
