[sudo-users] Allowing access to a script

Patrick Spinler spinler.patrick at mayo.edu
Fri Sep 21 09:32:29 EDT 2012


That will only allow the users orafpp and oraepp to execute the two
listed scripts, and nothing else.

Mind you, if you want to be secure, you'll have to make sure that the
users can in no way modify the scripts or change their behaviour.  That
is, make sure that the scripts are in a full path from root which the
user does not own and cannot write to any directory, and that the
scripts are not owned or writable by the user.

Also for security's sake, make sure the user's environment is cleaned up
to a known value before script invocation, so they can't change the
script behaviour by tweaking environment variables.

-- Pat

On 09/21/2012 02:56 AM, sanjeev singh wrote:
> Hello Sudo admin,
> 
> Allowing access to a script which is run by root to ora<sid>. Does the
> syntax below allow orasid to execute all root commands or only the
> mentioned script:
> 
> User_Alias USER=orafpp,oraepp
> USER ALL=(ALL) NOPASSWD: /opt/exsid27/dbciFPP/exsid_mod_BR.sh, /opt/exsid27/dbciEPP/exsid_mod_BR.sh
> 
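The ownership and write-permission conditions described in the reply above can be checked mechanically. This is an added example, not part of the original thread: the function name `audit_sudo_script` and its `trusted_uids` parameter are assumptions for illustration, and the check is deliberately strict (any group- or world-writable component is reported).

```python
import os
import stat


def audit_sudo_script(script, trusted_uids=(0,)):
    """Return (path, problem) findings for a script and every parent directory.

    Each finding is a place where someone other than a trusted owner could
    edit or replace the file that sudo will end up running as root.
    """
    findings = []
    path = os.path.realpath(script)  # resolve symlinks; audit the real file
    while True:
        try:
            st = os.stat(path)
        except OSError:
            # A missing component can be created by whoever can write above it.
            findings.append((path, "does not exist"))
        else:
            if st.st_uid not in trusted_uids:
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & stat.S_IWGRP:
                findings.append((path, "group-writable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            break
        path = parent
    return findings


if __name__ == "__main__":
    import sys

    # Defaults are the two scripts named in the sudoers rule quoted in this thread.
    targets = sys.argv[1:] or [
        "/opt/exsid27/dbciFPP/exsid_mod_BR.sh",
        "/opt/exsid27/dbciEPP/exsid_mod_BR.sh",
    ]
    for target in targets:
        for where, problem in audit_sudo_script(target):
            print("%s: %s" % (where, problem))
```

An empty result for both scripts means every path component is owned by root and writable only by its owner; any printed line names the component to fix before relying on the sudoers rule.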