General :: Setting Up User To Use Sudo For Specific Commands?
Jan 17, 2011
I did some digging on the sudo command and I do know the config file is /etc/sudoers Read the manual for sudoers and found out that I must use visudo to edit the file I read some of the examples at the bottom of the file and tried entering my own account in following the example. one of the commands I was trying to allow my account to perform without root login is the mount command So I tried adding this in (kreid8 /bin/mount ALL) I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that But when I use the visudo -l option it shows that I have that privellege. Did I edit the file incorrectly?
Customer asked me to create a menu for linux he also asked me to do this: Open like a command like where a user can execute commands...so for this the users have sudo enabled. The code below works OK. But it has an issue when a command is executed but the command does not need sudo
Like for instance Code: cd / sudo: cd: command not found
How can I allow a user to execute all commands when a command does not need sudo Code: echo -e "Press Control+C to finish" #echo -e " " while true; do read whichcmd?"Insert Command: " sudo $whichcmd done
Having a problem with sudo. I'm down as a user who can run all commands as root provided I enter my password. The relevant line from my /etc/sudoers file :
user1 ALL=(ALL) ALL
There are several commands that I run quite frequently such as mount and fdisk but would like to avoid having to enter a password each time I use them. What would be the appropriate change to the sudoers file ?
UPDATE: I neglected to scroll down to the bottom of the /etc/sudoers file where there was the line :
%admin ALL=(ALL) ALL
and since user1 was a member of the admin group any predeeding lines were being overidden by this. Commenting out this line and adding
In a couple days I plan on changing to opensuse from kubuntu. Anyway in the Kpackagemanager I removed the pulseaudio client (and its dependencies) and it messed up my system a bit. I don't really mind but all I need is to get my files from my home folder off my hdd to an external through usb 2.0. When Kubuntu 9.10 boots now all it is is a command terminal basically and I don't know the specific commands to get the files. Or if I need to reinstall something so that it boots up with a graphical looking UI again.
since a recent upgrade to Mandriva 2010.1 I am not able to 'sudo' as administrator or when I use the 'root' password. I am the only user on this machine (Dell Inspiron 530S multi-booted with Window's Vista Home Premium, Ubuntu 10.4, and Mandriva 2010.1). I can get into the 'Manage Users' section of the control center by authenticating as 'root' but I can't access 'sudoers file' from command line.
How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start" It is for a headless Ubuntu server.
my system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup.user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system.I also found this in mount's man pageQuote:The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
I'm trying out various windows mgrs and I'd love to be able to preserve certain key mappings... ...but what's REALLY important are the MOUSE KEYS!!!!!!! I use the mouse left-handed. I can set that in Gnome or KDE easily, but if I go into, say Ratpoison, it's un-set again. Is there a system-wide (or as close to it as possible) mouse setting?
Here is my scenario, I want to create about 3 groups of users:
--Admins-create and manage users --Support1-Restart basic stack apps(httpd, mysql etc) --Support2 Backups
So in my sudoers file i have managed to set them all up to perform the tasks above. However, I want to limit the users in the specific groups from running commands from other groups. eg a user in admins shouldnt be able to restart the stack applications etc. I have tried using the ! to create an exception eg !/etc/init.d/httpd start for the users but its not working.
i've query regarding, user creation in Linux( RHEL 5), i.e, i've created a user ([root@localhost ~]#useradd slash ) and switched into that user, but am not able to run commands in it......It's displaying a message saying, PERMISSION DENIED. Do we need to provide any permissions while creating a user
I have a need to run a specific app as a specific user when the machine boots into init 3. I can not run this as root so I need to specify a user. Can someone tell me how to accomplish this?I usually have to log in and start this application by typing check -D which starts this app and daemonizes it. I want to be able to run that at boot with my normal user not root.I hope I explained this correctly.I have added it to rc.local but it runs as root.
None of these work. The only thing I've found that does work is:in.telnetd : IP_addressBut this is only a semi-viable solution because we will soon have multiple logins for the one username from different servers and sub-nets. Ideally, I'd like to be able to deny telnet and ssh access to this username regardless of where the login originates. I suppose it would be possible to specify each server IP, but that'll be a bear to maintain
So right now VNC is starting a session using :1. When I connect to that session, the terminal is logged in as root. I'd like for the terminal to be logged in as a different user as some of my end users are going to be using this and don't require such privileges. I found that I can "su" to a different user and start a new VNC daemon on :2 and when I connect to that session, the terminal is logged in as that user. What I want to do is get that to run at boot-up.
How to allow access to some commands having root privleges to be run by non root user. I am new to unix/linux and I have a major assignment. I have to find ways to run particular commands which can be run only by root from a non root user. I know sudo is one of the way but i need some different approach.
I run the openssh daemon on port 22 and have the proftp running on port 21. I would like to block SSH for a specific user.I use proftpd.I would like to prevent the SSH access for this user and leave the FTP working for this user specific.Into /etc/passwd, I tried to change the /bin/bash to /bin/false, but this blocks both SSH and FTP access for this account.
I was following a guide to stop Ubuntu from always asking the root password. And apparently i messed something up in vsudo edit or something like that i was in... So now when i put in a sudo command i get this...
>>> /etc/sudoers: syntax error near line 18 <<< sudo: parse error in /etc/sudoers near line 18 sudo: no valid sudoers sources found, quitting
trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.