I've set up an alias in .bashrc (let's call it alias1), and am trying to set up a sudo NOPASSWD rule for that particular command. So far, I've attempted:
user ALL = NOPASSWD: alias1
user ALL=(ALL) NOPASSWD: alias1
But keep getting told I have a syntax error - presumably this is because visudo doesn't recognise alias1? I've already checked that alias1 works correctly, so I assume I'm just referring to it incorrectly.
I have a script that I run using ./dom example.com.
I want to add an alias to .bashrc so that I can run it using "d example.com".
I have tried adding each of the lines below in turn but I still receive the error:
-bash: d: command not found
alias d="/bin/bash /home/user/dom"
alias d="./home/user/dom"
alias d="sh /home/user/dom"
I need to occasionally touch a file with the current timestamp as the filename. I would do so this way:
touch `date "+%Y-%m-%d_%H-%M"`.txt
However, I'd like to define an alias for this. When I try adding to the bashrc this:
alias td="touch `date "+%Y-%m-%d_%H-%M"`.txt"
the result is that the filename is the same during the entire session, since the `date ..` gets calculated just once during login...
How can I get the command to expand only when I call the alias? Or must I use a function for this?
I have a few alias' in my .bashrc to save some typing, mostly ls type variants.
I wanted to add the following:
- give me a Long listing of ALL in Reverse Time order, (don't recurse directory)
Code:
But it doesn't work anything like the way it does on the command line
When I use the alias I get the following:
Code:
No Time, No Permissions, no group/owner ... , Why?
I successfully edited the .bashrc file to get ruby version manager (rvm) working. Now I would like to turn that setting into an alias so that if i type the word 'ruby' into the terminal it not only goes to the rvm settup but also defaults to my webdev folder which is in my user home directory and also exicutes a command that will open up gedit ready to be used as the text editor for editing the .rb files. Can this be done i would settle for some added code for the 'if then' statement: so far it looks like this:
[Code]...
I don't want to mess with the default setup on this system too much and think things could get out of hand if i am not careful. So am cautious about doing anything at this stage. I wonder if it is possibel thought to setup that whole 'if then' statement as an 'alias'. I read a few referances to alias and looked in the manual like any good newby should but am needing your help please. getting out of the MSwindows mind set and into the linux logic is not so easy but is a great experience
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies View RelatedI have an alias that I would like to use both as a regular user and as root, via sudo. Specifically, it is this:
alias rm=trash This works fine as a normal user, and it works fine when I use sudo -i to get a root shell prompt, but if I use sudo rm, the alias does not apply. So where do I need to put my alias so that it works in one-off sudo commands?
I am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
When I add some path in .bashrc by commenting out old path and adding new one like this:
#EXPORT HOME_PLAY=/home/gem/old_play
EXPORT HOME_PLAY=/home/gem/play
EXPORT PATH=$PATH:HOME_PLAY
After saving above changes, I enter the command: source ~/.bashrc Now if I do echo $PATH, the path shows both the old PLAY_HOME and new PLAY_HOME. This is really bad and messes up a lot of things in my project. This problem only goes away if I logout or reboot, a rather very long process. What is happening is that the old path is added to new path element and the old path includes the old path element you want to remove.
I have a Kerberos/LDAP/OpenAFS server running on Debian lenny, set up according to Davor Ocelic's excellent guide here (url). SSHd has ben configured to use GSSAPI auth and the clients have been configured to pass auth tokens through to the server.
My clients are all Ubuntu 9.10 x86 fully patched. On the clients, OpenAFS has been compiled and installed as a kernel module and git 1.6.6 has been compiled from source and installed. Otherwise, all software is stock Ubuntu repository-ware.
The setup is working fine as long as I connect to the primary server using its hostname:
peter@client01:~$ ssh nana
<connection goes through seamlessly without prompting>
peter@nana:~$
If I try to connect via a DNS alias (actually a second CNAME record), I get:
peter@client01:~$ ssh git1
peter@git1's password:
<connection completes>
peter@nana:~$
I need both passwordless auth and the DNS alias working, as it's internal policy that user connections are only ever made to service names, not real hostnames.
I have tried adding a second host principal to Kerberos for the alias (git1.darling.local) in addition to the host principal for the hostname (nana.darling.local).
If I turn off PasswordAuthentication in sshd_config, then "ssh git1" doesn't even fall through to passwords; it just denies logins. So it looks like it's not even using GSSAPI for the DNS alias.
So:
1) Is what I want even possible? I can't find anything that indicates that there's anything odd about DNS aliases such that this should happen.
2) Which config files should I post to help debug this? There's a lot and I didn't want to start blarfing them here if they aren't helpful.
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
I am curious since "Run command as a login shell" is UNTICKED (I think for all new users) under Gnome Terminal -> Menu Bar -> Profiles -> Edit -> Title and Command , BUT .bash_profile is sourced. I thought .bashrc should be sourced instead ?
View 6 Replies View RelatedThe following line is in the /etc/bashrc file. I was trying to decipher it but no google results explain it in detail.PROMPT_COMMAND='echo -ne 33]0;${USER}${HOSTNAME%%.*}:${PWD/#$HOME/~}07"'I understand that 33 is the ASCII character for ESC but not sure what ]0 does or anything after the HOSTNAME variable.
View 1 Replies View RelatedI am trying to install Network simulator 2.34 on fedora 13..my installation was successful. but I am unable edit my bashrc file...All I had to do was
"
Add all these lines into your ~/.bashrc file:
export PATH=$PATH:/opt/ns-allinone-2.34/bin:/opt/ns-allinone-2.34/tcl8.4.18/unix:/opt/ns-allinone-
[code]....
recently I did some changes to my bashrc file the changes are as follows
export JAVA_HOME=/usr/java/jre<version>/bin/
export PATH=$PATH:/usr/java/jre<version>/bin
now I'm unable even login to the OS.
I erasing default text in fedora 13 root bashrc and when I want to swich user ( with su command ) to root , icant,and i see bash-4.1????
View 1 Replies View RelatedI have to move our DNS server to our VMware environment. With that comes a new IP address (10.10.102.x). The current address is in the 192.168.10.x. range. Is there a way to bind an alias to my NIC that has a different IP range? I tried it and it didnt work but if i used two IPs in the same subnet range it works. What are my options?
I don't want to go around and modify all my clients to use the new IP. I have many other things running like Nagios and Puppet. Unfortunately this is going to suck and I probably dont have any other options.
Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.
View 3 Replies View RelatedConsider: [URL]
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
I have a RHEL 5.5 system set up with two users in the sudoers file to run certain commands without a password prompt.I do not have "Defaults requiretty" in the sudoers file.However, for both users, when I issue: sudo -l, it prompts for a password and logs in /var/log/secure:sudo: userx: no tty present and no askpass program specified
View 2 Replies View Relatedtrying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.
View 7 Replies View Related We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
Is there anyway you can configure either OpenVPN client or the system to allow connections using OpenVPN to be made to computers on the OpenVPN network using their alias rather than their IP address. This may sound blasphemous but you can in Windows. That is if the VPN network is say 10.x.0.x I could connect to Comp4 or Comp2 using Comp4 or Comp2 not 10.x.0. 4 or 10.x.0.2 or whatever IP is allocated by the OpenVPN server. If the OpenVPN server has not been restarted then it will usually allocate the same IP every time the same client connects.
View 8 Replies View RelatedCan anybody explain how I can set a hostname alias in RHEL5. We are testing RHEL to replace our Solaris LDAP servers, one of the things we need is to be able to set a hostname alias on the public interface.In solaris we can just update the /etc/hosts file to something like
ipaddress hostname alias1 alias2
Things looks alittle different in RHEL, the host file only contains
127.0.0.1 hostname.fqdn localhost.localdomain localhost
I read about the sysconfig/network files but can only see about changing the hostname there and nothing about setting a different alias.
I just read an article saying some unflattering things about Ubuntu's use of sudo. My question is this true?[URL]..
View 6 Replies View RelatedCertain commands like:
fdisk -l
nmap -sT 192.168.0.1/24
iftop
require administrator privileges to run. A while ago i read a post(forgot where i read it) about being able to let a user run these commands in a script (that contains the desired command) created by the administrator/root without the user having to do a sudo and entering a password. Does anyone know how i can go about doing this?
I've enabled root under Ubuntu (i know frowned upon), I'd like to change the default behaviour of sudo so that rather than requesting my password (the password I logon with), it requires the root password.
Have searched the forums but can't find the answer.
At the terminal prompt, I can't login using su nor sudo. I can only login as root at the dialog level. How do I correct this?
View 6 Replies View Relatedwhy when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies View RelatedI am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates which i get as soon as they are released. I am getting the issue temp root (sudo) password is not being revoked. After using any app that requires the use of sudo the permission for it does not get removed like it normally does.
I have tried logging out then back in, which usually removes the permission, this no longer works, also tried waiting and even after 1 hour permission still there. The only work around I have found is to use the terminal to execute the required programs then after closing terminal the temp permission is now removed like it should be. This issue has effected all of my systems and a friend of mine as well, (friend uses same distro).
To replicate issue:
1) Boot system.
2) Login.
3) Check for updates or any other app that uses root permission.
4) Logout
5) Login
6) Repeat step 3
7) App will not ask for permission it will use root permission automatically.