[sudo-users] Regarding permissions

Suj sujnanshetty at gmail.com
Thu Sep 4 10:17:42 EDT 2008

User_Alias ADMIN = amol,nimmi
Cmnd_Alias SHELLS = usr/local/bin/bash,/bin/csh,/bin/tcsh <<< Typo in the
definition of 'bash'
Cmnd_Alias COMMANDS =
Runas_Alias  SYSADMIN = amol, nimmi
root    ALL=(ALL) ALL
john    ALL=(ALL)  ALL

Beside root and john being all powerfull, you are giving amol and nimmi
permission to act as each other.

So I can avoid this by giving it seperately I guess -
ADMIN (or only amol ??) ALL = (amol) ALL, !SHELLS, !COMMANDS
ADMIN (or only nimmi ??) ALL = (nimmi) ALL, !SHELLS, !COMMANDS

>>same thing!!!

Could you expand little on this ? Also, I'm pasting some material I read
in one of the tutiorials -
 bob, bunny ALL = (ALL) ALL
What does this statement mean ? How can bob and bunny use the su command
without knowing the su password ?

>> They don't have to enter root passwd, but they will be entering their own
passwd's to get root privileges, that's the whole point of sudo !! So if you
restrict root to certain commands the users who gets root privileges will
have that restricted set of commands.Better not to do it .......unless the
root doesn't want to adminster the machine in the near future.

When you have sudo activated all users when logging in will have to use
"sudo -l" to view the cmds they are permitted to use, then enter their own
passwd's and execute the root-permissible-cmd's they are allowed to in the
sudo file.

Sujnan Shetty

More information about the sudo-users mailing list