My goal: I want to give users in the group "rtkprd" the ability to elevate their privileges and run a restricted shell script by using sudo. The full path to the shell script is /usr/local/bin/only_rtkprd.sh
The syntax of /etc/sudoers is giving me fits, to I've reduced my sudoers to a single log directive and a single line to enable the rtkprd group.
Code:
Defaults logfile=/var/log/sudo
%rtkprd ALL = (rtkprd) /usr/local/bin/only_rtkprd.sh
A few minutes ago I accepted a suggestion from update-manager for restarting my system, such that some security updates could be effective. After restarting and login in as usual, I discovered that I could not use my adminstrative rights as a sudoer. To recover them I booted again, as root, and added my username in the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found.What could have hapenned? Just a glitch in the system? Can a user disappear from a group for nothing?What further checks can I make to be sure that my system is safe?I'm using Ubuntu Jaunty Jakalope amd64, with kernell 2.6.28-15-generic.
Suddenly I am not in the sudoers file. I am not sure how to recover from this. I have no grub screen at bootup, so I can't boot into single user. I think I am going to have to boot a live version of ubuntu to start with. Is that right? What's next after that? Also, how could this happen, I haven't touched the sudoers file or added users or anything like that (well not that I am aware of) I am a little concerned that this may be the result of someone breaking in? Would this be a likely symptom?
In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
I have tried several things to attempt to fix my sudoers file however it is still coming up with errors. The error says
[code]...
the sudoers configuration file is set to the default as I have ran a dpkg on it, have also uninstalled and reinstalled it, and went over the configuration file ensuring it looked like the defaults I had seen online.
This may be a stupid (?) question, but does any one know of a patch for sudo that allows the sudoers information to be pulled from mySQL? I run multiple servers with multiple people working on them and would like a one-stop update of permissions. Yes, I could use rsync or the like, but I'm just wondering if this has been done, or could be done.
(Sorry if this is the wrong forum, I'm kinda new around here, posting wise and this seemed to fit. Feel free to move it if it's not)
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere rootALL=(ALL) ALL Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
Wondering if anyone knows what the range specification is meant to do for the colonHAIN at the top of the iptables file? e.g. what is the 1:76 range mean for :OUTPUT ACCEPT [1:76] ?
# Generated by iptables-save v1.4.1.1 on Sat Dec 19 12:28:00 2009 *filter :INPUT ACCEPT [0:0]
I'm trying to backup a whole startup disk to another with GRSYNC but I don't need some files or directories. For example, I don't want to backup my 'swapfile1' (I do not have a dedicated swap partition) or the 'media' directory' in order to no enter a looping sync.I've searched the web for the correct syntax of the --exclude command but none have worked if applied in the advanced option "before" rsync starts. These a sample of NOT workin syntaxes:
exclude /media or -- exclude 'media' or -- exclude "media"
same for swapfile1:
exclude swapfile1 or -- exclude 'swapfile1' or -- exclude "swapfile1"
I am having problems on a server installation (9.10) with a kind of unstable sudoers file. Logging in as a user of group admin allows only sometimes to issue sudo commands.Most of the time I am getting a "not in sudoers file" errror.
When ever i open vim, i get the error that the following error: E484: Can't open file/abcd/configFiles/vim/syntax/syntax.vim There was a .vimrc file in my home folder that i have removed.
Still i keep getting the same error. Presently in my home folder there is no .gvimrc or .vimrc file.
But still i keep getting the same error. I am not too sure where this file is mentioned.
Background info: The SHELL has been changed from tcsh to bash Earlier i had created a .vimrc file in tcsh, i have removed the .vimrc in bash SHELL.
I am a Novell (now defunct) CNE tring to learn Linux and am having a lot of trouble finding out where the WB 6-6 is wrong in the syntax for adding local4... the the syslog-ng config file. In the instructions there are discrepancies between commas and simi-comma, they are both in the statements in no particular order. there is no pattern to them. Here is what the book shows:
filter f_local4debug { level(debug) and facility(local4); };
When I try to input this in the Gnome terminal window to try and find out where it goes wrong I get the following: -bash: syntax error near unexpected token "(" If I can get the correct syntax I belive I can use the info to get past the rest of this portion of the lesson. I am desperate to learn Linux as the only jobs out there for a Novell CNE are migrations to MS, which really sucks, since MS really really sucks.
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
I have installed debian 6 recently, and during installation I selected not to allow root login (and thereby enable my standard user to use sudo).If I check sudoers (by using visudo) my standard user is not listed anywhere, but he can still use the sudo command without any problems.Where else could this permission be stored?
I am going to school for IT Security and will be taking my first Linux class this semester. I have dabbled a little bit in Linux before this but never really had the time to get to involved so I put it off untill now. Now I am forced . Anywho...I just installed Fedora11 (dual booting with Vista home basic) and the first thing that I am trying to tackle is install VMware. I have access to a bunch of Window OS's because of school and would like to create a 'virtual' version of windows for things like iTunes. This way, i have to force myself to use Linux for everything and I can install it on the whole PC. Until then, I am going to dual boot. When I was trying to install VMware, I tried to do it from the Terminal using sudo sh then the file name which is a .bundle file, I typed in the password and it said that my account was not in the 'sudowers' profile or something like that. I read on-line that you can modify who can sudo and who can't in the ect/sudoers file but if has an 'X' at the top right and I can't open it. It says 'Could not display "/etc/Sudoers". I tried to use visudo in the terminal and it says that permission is denied.
I changed my user name, and now the Terminal shows my new user name.I log in with the same user name and the same password. But after changing the username, I can't get anything done as sudo. It says that I am not in the sudoers file, and I can't get in at all. I tried sudo visudo, sudo -i, sudo -l..When, I wrote sudo -l the following came in the Terminal.How do I get into sudoers file and give my new user name ariya the root privileges. Even my old user name doesn't work at all.
I recently installed Fedora 13 "Goddard" using the graphical installer (although I prefer the 'text/ reduced graphics' option.When I start the system (after installation completes), it runs in graphical mode and presents me with a graphical login prompt. However, due to security reasons (I'm told), it won't let me log on as the root/ admin user (which is fair enough).If I log on as another user (eg : alpha, charlie or delta, for this example), I can't edit the sudoes file to add one of these users (alpha) to the file. This is because these users aren't in the file, as far as I know.
At no stage during installation was I offered an option of either setting the runlevel or adding a non-root user to the sudoers file.I have found a way to change the runlevel setting, so that is not really an issue.What I would like is either of the following :
1. A modification to Fedora's graphical installer that allows for an explicit option to set the runlevel (graphical/ command-line) and another option to add the first created non-admin user (alpha in this example) to the sudoers file.
2. Information on how to add a user to the sudoers file without adding all others (eg : alpha, but not charlie and delta, in this example).
I have read the relevant man and info pages for the su, sudo, sudoers and visudo commands, but I only got confused. (I don't know BNF/ EBNF and I would like a solution that doesn't involve having to learn these BNF dialects, although I will if I have to.)Also, I have seen solutions that show how to add all users, but not individual users, to the sudoers file. What I want is to add an individual user (if this isn't clear already).Please feel free to send me an e-mail about this post : nigel.nq.ngw[at]gmail[dot]com with the subject line "Linux Forums - Fedora 13 Add User to Sudoers"
everytime i try to do anything with sudo i cant and this time it was extremelly costly. From now on i don't want to risk anything like this again and i need to be able to sudo.
I logged in as root and was trying to add a user to sudoers, but then when I tried to save it said that the file was write protected and couldn't be saved. However, when I returned to look at the contents of the sudoers file, they were all done. The file is now empty.
1- How can I restore the contents of the default sudoers file. (I have FC12) 2- How can I add a user (no password) to the sudoers list without this happening again?
I'm using Fedora to program Android, and have a directory with all the files I need. But my home directory isn't big enough to store my android directory. Is there any way to make more space to do this?When I have tried to install something using "sudo apt-get install (program name here), it says my name isn't in the sudoers file. What is this and how do I add my name to it to be able to install things from there?
How do I add myself to the Sudoers File? When I go to use the "Sudo" command, it tells me I am not in the Sudoers File, so I have to do "su -" to bypass it for the time being. How do I add myself?
I have accidentally deleted the contents of sudoers file (while trying to add a line through CLI).Anyway, I'm still logged in and can please someone paste me the default contents of the sudoers file on Lucid Lynx
