[sudo-users] Regarding permissions
Tushar Abraham Mathew तुशार एब्रहाम माथ्यू
tusharm at cdac.in
Tue Sep 2 00:59:13 EDT 2008
Hi all,
I have been trying to edit my sudoers file for the first time
for allowing access to my machine to some people. This is what my file
looks like -
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias ADMIN = amol,nimmi
# Cmnd alias specification
Cmnd_Alias SHELLS = usr/local/bin/bash,/bin/csh,/bin/tcsh
Cmnd_Alias COMMANDS = /bin/rm,/usr/sbin/adduser,/usr/sbin/rmuser,/usr/local/sbin/visudo
# Defaults specification
# Runas alias specification
Runas_Alias SYSADMIN = amol, nimmi
# User privilege specification
root ALL=(ALL) ALL
john ALL=(ALL) ALL
#
#
#
#
ADMIN ALL = (SYSADMIN) ALL, !SHELLS, !COMMANDS
# Uncomment to allow people in group wheel to run all commands
Could anyone advise if there is any way users (except for john) can do
harm to my machine ??
I also haven't understood the exact difference between the statements
root ALL = (ALL) ALL and john ALL = (ALL) ALL
Having read through the general sudo documetation available, I
understand john will be able to on ALL hosts as ANY USER (sudo -u) run
ALL commands.
So the root statement would most likely mean if the root user did sudo
foo, he will be able to do so. But since the root user has full
previleges, why use sudo in the first place ?
Another version I read was that giving root ALL = (ALL) ALL means once a
user like john (john ALL = (ALL) ALL) gets access to commands, he is
again restricted if the commands for root become something like
root ALL = (ALL) /bin/
Could you enlighten me on this please ?
Best Wishes,
Tushar.
More information about the sudo-users
mailing list