[sudo-users] Allowing access to a script

sanjeev singh sanjeev.littledevil at gmail.com
Tue Sep 25 14:22:44 EDT 2012


Thank you all !!!

On Fri, Sep 21, 2012 at 9:32 AM, Patrick Spinler
<spinler.patrick at mayo.edu> wrote:

>
> That will only allow the users orafpp and oraepp to execute the two
> listed scripts, and nothing else.
>
> Mind you, if you want to be secure, you'll have to make sure that the
> users can in no way modify the scripts or change their behaviour.  That
> is, make sure that the scripts are in a full path from root which the
> user does not own and cannot write to any directory, and that the
> scripts are not owned or writable by the user.
>
> Also for security's sake, make sure the user's environment is cleaned up
> to a known value before script invocation, so they can't change the
> script behaviour by tweaking environment variables.
>
> -- Pat
>
> On 09/21/2012 02:56 AM, sanjeev singh wrote:
> > Hello Sudo admin,
> >
> > Allowing access to a script which is run by root to ora<sid>. Will the
> > syntax below allow orasid to execute all root commands or only the
> > mentioned scripts:
> >
> > User_Alias USER=orafpp,oraepp
> > USER ALL=(ALL) NOPASSWD: /opt/exsid27/dbciFPP/exsid_mod_BR.sh,/opt/exsid27/dbciEPP/exsid_mod_BR.sh
> >
>
>
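
The ownership and write-permission check Pat describes, as an added example that is not part of the original thread or of sudo: it walks from the script up to / and reports every path component the restricted user owns or can write to. The function names are hypothetical, and the file audited in the no-argument run is a constructed sample.

```python
import os
import pwd
import stat
import sys
import tempfile


def component_problems(st, uid, gids):
    """Reasons why the object described by stat result `st` can be modified by uid/gids."""
    problems = []
    if st.st_uid == uid:
        problems.append("owned by the user")
    if st.st_mode & stat.S_IWGRP and st.st_gid in gids:
        problems.append("group-writable by gid %d" % st.st_gid)
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_script_path(script, uid, gids):
    """Check the script and every directory above it up to /; return (path, reason) pairs."""
    if not os.path.isabs(script):
        raise ValueError("not an absolute path: %r" % script)
    findings = []
    path = os.path.normpath(script)
    while True:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink: audit its target as well"))
        else:
            findings.extend((path, why) for why in component_problems(st, uid, gids))
        parent = os.path.dirname(path)
        if parent == path:  # reached /
            return findings
        path = parent


if __name__ == "__main__":
    if len(sys.argv) == 3:  # arguments: /full/path/to/script username
        user = pwd.getpwnam(sys.argv[2])
        uid, gids = user.pw_uid, set(os.getgrouplist(user.pw_name, user.pw_gid))
        target = sys.argv[1]
    else:  # constructed sample: a script the current user created, so it must be flagged
        uid, gids = os.getuid(), set(os.getgroups())
        target = os.path.join(tempfile.mkdtemp(), "exsid_mod_BR.sh")
        open(target, "w").close()
    for path, why in audit_script_path(target, uid, gids):
        print("%s: %s" % (path, why))
```

No output for a given script and user means no component on the path is owned by or writable to that user.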


