General :: Separating User Commands Using Visudo?
Jul 20, 2011
Here is my scenario, I want to create about 3 groups of users:
--Admins-create and manage users
--Support1-Restart basic stack apps(httpd, mysql etc)
--Support2 Backups
So in my sudoers file i have managed to set them all up to perform the tasks above. However, I want to limit the users in the specific groups from running commands from other groups. eg a user in admins shouldnt be able to restart the stack applications etc. I have tried using the ! to create an exception eg !/etc/init.d/httpd start for the users but its not working.
View 6 Replies
ADVERTISEMENT
Jan 16, 2011
I am new to linux and would like to allow a user to use SUDO to change password and also delete/add members to a group without signing in as root or using SUDO. I think you do this in visudo but I dont know the commands to do this.
View 4 Replies
View Related
Jun 13, 2010
I was trying to make shutdown without root user using visudoI tried the following still it did not work for mehawk ALL=NOPASSWD:/sbin/shutdown -h now
View 6 Replies
View Related
May 2, 2011
I need to add a user to the sudoers in my vps host and edit a couple of files and I just cannot make sense of visudo, vi or nano. The tutorials I find on the net just take too long to study and they are never complete, can someone explain what I need to do? I am running Debian 506.
View 8 Replies
View Related
Jul 14, 2015
I would like to configure visudo to authorize user to start only one application with sudo on one peculiar host and forbid everything else so, after reading the man, I came up with :
Code:
Select alluser ALL = (ALL:ALL) !ALL
user host_name = /usr/bin/application
But it does not seem to work.
View 2 Replies
View Related
Apr 19, 2011
i've query regarding, user creation in Linux( RHEL 5), i.e, i've created a user ([root@localhost ~]#useradd slash ) and switched into that user, but am not able to run commands in it......It's displaying a message saying, PERMISSION DENIED. Do we need to provide any permissions while creating a user
View 7 Replies
View Related
Apr 30, 2010
Customer asked me to create a menu for linux he also asked me to do this: Open like a command like where a user can execute commands...so for this the users have sudo enabled. The code below works OK. But it has an issue when a command is executed but the command does not need sudo
Like for instance
Code:
cd /
sudo: cd: command not found
How can I allow a user to execute all commands when a command does not need sudo
Code:
echo -e "Press Control+C to finish"
#echo -e " "
while true;
do
read whichcmd?"Insert Command: "
sudo $whichcmd
done
View 3 Replies
View Related
Oct 14, 2009
How to allow access to some commands having root privleges to be run by non root user. I am new to unix/linux and I have a major assignment. I have to find ways to run particular commands which can be run only by root from a non root user. I know sudo is one of the way but i need some different approach.
View 8 Replies
View Related
Mar 19, 2011
I am trying to write one script. Purpose of my script is that it will login to particular user and it will execute some set of commands.What I was trying....
#!/bin/bash
su - tom
ls -lrt
[code]...
View 6 Replies
View Related
Jan 17, 2011
I did some digging on the sudo command and I do know the config file is /etc/sudoers Read the manual for sudoers and found out that I must use visudo to edit the file I read some of the examples at the bottom of the file and tried entering my own account in following the example. one of the commands I was trying to allow my account to perform without root login is the mount command So I tried adding this in (kreid8 /bin/mount ALL) I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that But when I use the visudo -l option it shows that I have that privellege. Did I edit the file incorrectly?
View 6 Replies
View Related
Feb 22, 2011
My current script is as followed:
Code:
#!/bin/sh
su et
cd "media/ET"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
[code]....
I want ET to be run as the user "et" and for some reason, I can't directly su/sudo to run the file without being in the user "et" and the "/media/ET" directory.
View 2 Replies
View Related
Jul 3, 2010
I have a question that i want to make a normal user to execute the commands which the root user is able to execute, say if i have a user named siru and when i logged in using siru i cannot run commands like tracert,nmap@loccalhost and all but i can run when i have logged into root account so my question is how to make siru to run the command tracert,nmap@localhost.I have even edited the .bash_profile of siru's home directory from
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
[code]...
View 1 Replies
View Related
Nov 13, 2010
Recently I migrated from Ubuntu to Debian, first thing i wanted to do was to give myself sudo permissions and lock the roir account. By default sudo group don't have permissions to do this on debian, so i wanted to edit sudoers file by typing visudo. But i keep getting this
error: Error opening terminal: vanilla How can i solve this.
View 1 Replies
View Related
Sep 24, 2010
I notice that when I create a launcher in Gnome it then appears later on my desktop when logged into xfce. I dislike the way DE's are 'bleeding' into one another this way. Does anybody have a way to separate the lists of launchers each environment possesses so I can have different icons in each? The only way I can think of off the top of my head is commenting-out icons in my xfce config file - if that is possible.
I'm after fewer icons under xfce and am happy to have the Gnome desktop fully populated with more - hope that makes sense. I'd rather not have to go through installing and setting up idesk with xfce to achieve the same result if I can avoid it. Ditto on menues. I have my Gnome menus properly tidied up, but under xfce I still have several multiple instances of, for instance, the menu-editor app. Can you 'quarantine' these from one another as well?
View 1 Replies
View Related
Jul 8, 2010
I have the following network setup:
The idea is to separate the download and the upload, namely to send the upload on Net1 and the download on Net2, completely transparent to the client. My first ideas were using simple routing rules....having the default gateway for Gateway A over Net1 and having the route to the client in Gateway B over Net2. However, if I do that, the packets arriving in Gateway B from the client, aren't forwarded anymore. The same thing happens if I don't have any route to the client in Gateway B. In order to forward the packets, does it really matter if the router knows how to route to the source and does it really mater if the packet arrives on the same interface as the routing rules point to?
View 1 Replies
View Related
May 16, 2011
I want to separate the Apache2 Error log to log certain events in a specified file.
For example:
client denied by server configuration > denied.log
Directory index forbidden by Options directive > forbidden.log
I would like it add it to the logs as the events happen, and like the other logging systems, create new files when the current is full. i.e. denied.log.0
View 1 Replies
View Related
Apr 13, 2011
I am running RHEL release 4 (Nahant Update 6). I currently have a fax server that has been encountering issues recently after hours. My boss would like our helpdesk to monitor the status of these modems throughout their shift. This has led to a request for a helpdesk account to be created on our linux box that only has access to a few commands. Is there a way to limit the new user to only have access to the following commands?
cd
less
cat
Additionally I would like to create a script for them to run that would chmod our modems when necessary since their permissions reset after a power cycle. BUT not give them access to the chmod command, just chmod through that script for those specific devices.
View 6 Replies
View Related
Dec 24, 2010
I want to see the users list and the permissions of the users when i logged in a root and how to change the permissions of the users. 2.How to change the permissions for the commands. example:when i logged with my other user account(not with root user) i dont have a permission to use the move(mv) command. #mv filename /backup my error : Permission denied. I need to know how we can set the permissions for the commands even.
View 1 Replies
View Related
Jan 3, 2011
i have a linux server, the Operating system is SUZE 9 but i need to see all commands executed by any users connected on the server and the ip of the host in a log file.the history file does not contain all info that i need .please is there a way to write a script in order to save this problem .
View 2 Replies
View Related
Apr 17, 2010
i have edited /etc/rc.local and i can add the command 'deluged' and it runs just fine but i need it to run under my username but when i change it to 'sudo -u sean deluged' it doesnt run deluge at startup. whats even weirder is if i run this command 'sudo sh /etc/rc.local' it runs deluge as seanjust like its supposed to.
View 4 Replies
View Related
Jun 10, 2009
Senario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh so any ideas how I can do this?I have tried variations of (as user "root"):ssh $WORKSTATION "su - bob; ./my_script"
View 5 Replies
View Related
Nov 7, 2009
After a few hours work I have managed to set up pptd so that my daughter can log into her account at Imperial College. My problem now is that I need to have a script that she can run if she wants to log in. She will have to invoke a couple of root commands and I do not want to give her the root password What she needs to do to set up networking is:
Quote:
pppd call imperial dump debug logfd 2 nodetach require-mppe
/sbin/ip route add default dev ppp0
How can I enable things so that she can run this script as user?
View 12 Replies
View Related
Sep 10, 2010
I've had a server setup working perfectly for the last 2 years. Today we installed a newer version of postgresql and recompiled apache/php.
Postgresql will not start now.
"service postgresql start" = /var/lib/pgsql/data is missing. Use "service postgresql initdb" to initialize the cluster first. To initdb we need to be as user postgres.
"su - postgres" = "no file or directory"
In /etc/passwd = postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
how i can login as postgres user and enter these commands?
View 2 Replies
View Related
Mar 10, 2010
I need to use visudo in order to make a shell script properly work, certain parts of it require that I can use sudo without being prompted to enter my password and I need to use visudo to properly edit sudoers. I cannot stand vi, I don't know how to use it very well, the documentation/manual is confusing and to be honest i would rather use nano, I personally hate vi or vim and would never in a million years want to use it. Is it possible in fedora 12 to change visudo to sue nano instead? I don't care if I have to recompile visudo to make this a possibility because it beats using vi any day of the week. (In fact I don't get why it is the default, it is very awkward!)
View 3 Replies
View Related
May 4, 2011
I was looking at some Vim plugins, and I installed one called Abolish. The page from where I got it [URL] only says:
install details
Extract in ~/.vim or ~vimfiles
So I extracted it in ~/.vim. Now, the issue is that, if I edit a file as root, I am able to use the commands; however, when I edit a file as a normal user, these commands won't work. So... could this be a permissions issue? Or should I copy the plugin in some other directory, maybe?
View 6 Replies
View Related
Apr 5, 2010
what is the best way to share visudo file without the need to use ldap.
View 3 Replies
View Related
Feb 13, 2010
I Love Jdownloader program but can't solve this old problem.
I'm still a little retard with GNU/Linux
Able to do a reconnect by running the following commands
Quote:
This is the script I'm using.
Quote:
It resembles this one in Window$
The program dhcpcd requires root user privileges.
Avahi daemon and network-manager widget should be disabled or uninstalled for this to work on Ubuntu.
Also I'm using Karmic.
I'm not Cisco certified. What I think it does, in a non technical comparison, is tell the ISP hardware that your ip should be 190.189.48.52 or whatever number you like.
For the ISP this would be the last lease you used.
The ISP hardware does not recognize this last lease in its list, so it assigns a new ip.
That does the trick and you get your new ip!
My ISP promotes the service with dynamic ip so no legal matters here.
The problem is how to automatize it.
Sudo runs the script with no privileges problems.
I am able to run it password-less by modifying sudoers file via visudo command.
I add the following line
Quote:
It can also be like (this would need extra security measures?)
Quote:
Then you can run sudo /usr/bin/cambiar-ip and it won't prompt you for a password.
Password issues solved, I cannot get Jdownloader to run it.
In the Settings > Reconnection tab
Tried to use "External" and "Batch" but i get reconnection failed sad face.
I've tried in "External" /usr/bin/sudo /usr/bin/cambiar-ip
It won't work.
I'm missing something of the Unix security structure.
Here is the wiki of the program
[url]
View 5 Replies
View Related
May 24, 2015
I have just installed Debian 8 with Gnome desktop and trying to add my username to sudoers list.
When I open terminal and enter visudo I get the following error message...
Code: Select allfracmo2000@debian:~$ su
Password:
root@debian:/home/fracmo2000# visudo
bash: visudo: command not found
root@debian:/home/fracmo2000#
Although I am quite new to debian, I have done this successfully in the past so not sure why this is happening?
View 7 Replies
View Related
Dec 1, 2009
i try today to install Firestarter , unfortunately i got some problems regarding of the following messages:
1- insufficient privileges :
2- how can i change and save the file /etc/sbin/firestarter with visudo cammand
3-i got this message when i try to run it through terminal Error reading /proc/net/ip_conntrack: No such file or directory
View 5 Replies
View Related
Feb 2, 2010
I want to add 50 new users, not on the server yet I want to add them all to group Accounting - with 1 option, not user by user I want to setup a default password for them all, and have it say something like 'You must now change password or no access will be permitted' Any other options I also want to do once, not for each user?
View 3 Replies
View Related
