[sudo-users] Regarding permissions

Suj sujnanshetty at gmail.com
Thu Sep 4 10:17:42 EDT 2008


User_Alias ADMIN = amol,nimmi
Cmnd_Alias SHELLS = usr/local/bin/bash,/bin/csh,/bin/tcsh <<< Typo in the
definition of 'bash'
Cmnd_Alias COMMANDS =
/bin/rm,/usr/sbin/adduser,/usr/sbin/rmuser,/usr/local/sbin/visudo
Runas_Alias  SYSADMIN = amol, nimmi
root    ALL=(ALL) ALL
john    ALL=(ALL)  ALL
ADMIN ALL = (SYSADMIN) ALL, !SHELLS, !COMMANDS

Besides root and john being all powerful, you are giving amol and nimmi
permission to act as each other.

So I can avoid this by giving it separately I guess -
ADMIN (or only amol ??) ALL = (amol) ALL, !SHELLS, !COMMANDS
&
ADMIN (or only nimmi ??) ALL = (nimmi) ALL, !SHELLS, !COMMANDS

>>same thing!!!

Could you expand a little on this ? Also, I'm pasting some material I read
in one of the tutorials -
 bob, bunny ALL = (ALL) ALL
What does this statement mean ? How can bob and bunny use the su command
without knowing the su password ?

>> They don't have to enter root passwd, but they will be entering their own
passwd's to get root privileges, that's the whole point of sudo !! So if you
restrict root to certain commands the users who get root privileges will
have that restricted set of commands. Better not to do it ... unless the
root doesn't want to administer the machine in the near future.

When you have sudo activated all users when logging in will have to use
"sudo -l" to view the cmds they are permitted to use, then enter their own
passwd's and execute the root-permissible-cmd's they are allowed to in the
sudo file.


-- 
Sujnan Shetty
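
The two points raised about the posted sudoers (the 'bash' entry lacking its leading slash, and ADMIN plus SYSADMIN letting amol and nimmi act as each other) can be checked mechanically. The script below is an added example, not part of the original post or of sudo itself; its function names are hypothetical and it parses only the simple one-line subset of sudoers syntax used in the thread.

```python
import re

# Sudoers text as posted in the thread (mail line wraps joined, 'bash' typo kept).
SUDOERS = """\
User_Alias ADMIN = amol,nimmi
Cmnd_Alias SHELLS = usr/local/bin/bash,/bin/csh,/bin/tcsh
Cmnd_Alias COMMANDS = /bin/rm,/usr/sbin/adduser,/usr/sbin/rmuser,/usr/local/sbin/visudo
Runas_Alias SYSADMIN = amol, nimmi
root    ALL=(ALL) ALL
john    ALL=(ALL)  ALL
ADMIN ALL = (SYSADMIN) ALL, !SHELLS, !COMMANDS
"""

ALIAS_RE = re.compile(r"^(User|Runas|Cmnd|Host)_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*\(([^)]*)\)\s*(.+)$")

def parse(text):
    """Return (aliases, rules); handles only single-line aliases and rules."""
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS_RE.match(line)
        if m:
            kind, name, members = m.groups()
            aliases[(kind, name)] = [x.strip() for x in members.split(",")]
            continue
        m = RULE_RE.match(line)
        if m:
            who, runas, cmds = m.groups()
            rules.append((who, [r.strip() for r in runas.split(",")], cmds.strip()))
    return aliases, rules

def relative_commands(aliases):
    """Cmnd_Alias members that are not absolute paths (alias names, sudoedit skipped)."""
    return sorted((name, c) for (kind, name), cmds in aliases.items() if kind == "Cmnd"
                  for c in cmds
                  if not c.startswith("/") and not c.isupper() and c != "sudoedit")

def cross_user_grants(aliases, rules):
    """(user, target) pairs where a user may run commands as another named user."""
    pairs = set()
    for who, runas, _ in rules:
        users = aliases.get(("User", who), [who])
        for r in runas:
            for target in aliases.get(("Runas", r), [r]):
                pairs.update((u, target) for u in users if u != target and target != "ALL")
    return sorted(pairs)
```

Calling `parse(SUDOERS)` and passing the result to the two checks reports the `SHELLS` entry `usr/local/bin/bash` and the pairs amol→nimmi and nimmi→amol.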