i want to create a sudo user, sudo user should not start or stop the service. as like a normal user i created a user called root2 and i edited the user with visudo command and added the below line to the user root2 and got the full privilages.
root2 ALL=(ALL) ALL
i commented the below line ##Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig eventhough the sudo user root2 can start and stop the service which i dont want to give that privilage.
I was adding me and my bud to a new group I created, but I used -G instead of -g as the tutorial suggested, I think this removed me from all other groups and put me in the new one. The same with my bud. Now I dont have sudo privileges, nor does my bud, and we have not set a password for the root account.
Code: sudo ls -l USER@SERVER:/var$ sudo password for USER: USER is not in the sudoers file. this incident will be reported. USER@SERVER:/var$
In researching current ldap issue (not being able to do anything but log in) it seems that there are no concepts of privileges, roles, etc. that could be assigned to a user in LDAP.
I've only seen fields that deal with name, organization, etc., not with application-specific access control.
I have to assign certain access privileges to users authenticated via LDAP server based on the privilege level mentoned in the LDAP server. How to attain this.
I have a rack of four 1TB drives all partitioned identically with three primary partitions. On each drive
- the first partition is only 64MB; - the second is a large 900GB partition and - the last holds all the remaining space
mdadm has been used to set up /dev/md0 - RAID1, comprised of /dev/sda1 and /dev/sdb1 /dev/md1 - RAID5, comprised of /dev/sda2, /dev/sdb2, /dev/sdc2, /dev/sdd2 /dev/md2 - RAID5, comprised of /dev/sda3, /dev/sdb3, /dev/sdc3, /dev/sdd3
OK, so it was a silly mistake to make - but I am now need to increase the size of /dev/md0. My thinking is to reduce the size of md1 so that I can grow md0.
On md1 I have two logical volumes. I've successfully reduced the size of the volume so that I can reduce the size of md1. Now I'm at the nervous stage; I can find little written on the topic of shrinking RAID5 arrays - and even if I do this I'm unsure if I can move partitions around to regain the space I so desire.
receive bash notice: "jim is not in the sudoers file."Just finished my first Debian install several hours ago, my first go around w/Debian. Installed 8.2 DVD ISO on USB. Had this issue from my first use in BASH, not a forgotten password problem. So 2 questions:
1) I'll be installing Debian again, and want to avoid this in future. There were 2 inputs on setup for name (my full name) and user (installer offered my first name which I accepted). 2 inputs for Password as well: I used the same password both times (have done this w/Mint & Ubuntu w/out issue).
2) How to fix this? Tried this: URL...however, neither keystroke got me to "rescue" prompt as article suggests. Several other articles presume an admin with privileges has sudo access to modify sudoers file.
I have multi-boot setup in BING environment (MBR, not EFI). I am booting from a GRUB2 ISO using grub commands as I still need GRUB installed in my boot partition until I can get cmd line access. I'm able to get a session on boot with the same password I used in setup.
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
I am developing a program that uses libusb-1.0 on a FC14 x64 system. I solved the compile and link issues, but I now have a problem with user privileges when I try to get device handles. The problem appears to be in the mounting of the usbfs. Is the an accepted fix to giving users read/write privileges for all usb devices?
I just got a fresh Ubuntu 10.04 install on a system, added Lubuntu (the poor thing's 10 years old), and added a second user and gave him sudo/admin rights via the Users and Groups app. All was working fine, but now the initial user can't make any system changes. The initial user can still execute sudo and gksudo, but not much else.
In the Network Connections applet, the initial user can't edit the "Auto eth0" connection, the "Edit" and "Delete" buttons are just greyed out.
In User and Groups, I can click "Advanced Settings" or "Change" on another user, but nothing will happen. If I click "Add User" as the initial user, it will give the "Not authorized" popup.
I had a second user that I'd given adminstrator/sudo access to. So to change the network settings I logged in as this user for the first time, and was able to change some things. However, after a reboot I had the same problems with this new account.
I haven't done anything with this install besides install openssh-server, add some firewall rules with ufw, and add the Lubuntu desktop. Most of my google results turned up basic stuff like corrupted sudoers file (mine is still in pristine, default condition), and not being part of the admin group (which both users still are). The behavior also persists regardless of whether I use gnome or Lubuntu for my session.
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere rootALL=(ALL) ALL Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
Is there a way to allow users from a remote account (say, those connecting to the X server from a remote location) to sudo? What kind of account do you need to add to /etc/sudoers to be able to allow this to happen?
i would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.
As per subject, what's the best way to run a CRON job for something that "normal" users need to run as SUDO? There is a problem with the internal clock on my PC so at a regular time (every hour or day for example) I want to sync with my Network Time server. I use "sudo ntpdate time.bgr.local" as it is now and have to enter my user's password for it to work.I know root is disabled by default and would like to keep it that way if possible but if I have to enable it and then add it to root's cron list the so be it but would prefer not to.
I decided to consult you before making any changes, because the clients' PCs are spread all over the country and I do not have the physical access to their boxes.The idea is to take away the ability of using sudo for common users.I know that the syntax of this file may vary a bit in different distributions.Our OS is Ubuntu 10.10.I created the account 'support' for me and other technician stuff of our department. So, 'support' user must have all the power. And common users mustn't have access to 'sudo'. This is the requirement.As far as I remember, in Slackware the user must be a member of 'wheel' group to be able to use 'sudo' (but I may be wrong).
I was trying to list sudo users in a Linux Machine,
[root@redhat ~]# grep -v -E '^#' /etc/sudoers root ALL=(ALL) ALL %work ALL=(ALL) ALL %dilipvp ALL=(ALL) ALL
where work is a group and dilipvp is user. Can you help me in creating a better script which can list the members of the group work as well. and why I am getting empty space in between.
so i have f12 installed on my hd with lvm using the whole extent of the HD , i want to reduce it so i can dual boot it with a windows system, i managed to reduce the logical volume to free some space, but i cant seem to reduce the physical volume, is this possible and how ?
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
I've installed rubygems on ubuntu, but it has a known issue that the rubygems' bin/ directory is not in the PATH. I know about exporting the PATH variable, and adding it to .bashrc, but I'd like to configure it so that every user has it on his PATH, even if he tries to run it with sudo. Where should I export the PATH variable then?
I am having trouble running commands by using sudo. I configured visudo file with localuser ALL=(ALL) ALL but I can't run any command, it tells me command not found.
I have a VPS running a web application served using Apache, that on average deals with 20-50 requests per second. It's usually above this point (50 requests per second) that the amount of memory that Apache uses is too high for the VPS and errors start occuring - web pages crash and VPS falls over for a minute or two before going back to normal levels.
I believe that MaxClients is the best way to reduce the amount of RAM that Apache uses and I am planning to reduce MaxClients from 256 (default value) to around 100. Each Apache process uses ~15MB and the server has 1900MB of ram in total - the server does nothing else other than run Apache and a few crons.
Current setting are:
Code: KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 3 # prefork MPM # StartServers: number of server processes to start
[Code].....
I tried reducing MaxClients before which lead to massive slowness, so I need some other options as well.
Does my suggestion of reducing MaxClients to ~100 seems sensible? What are my options if the server experiences slowness again - optimise the application? What's the best way to reduce memory usage - move images to another web server?
I am on a 172.16.x.x network with about 60 Windows XP home and Vista home clients in a peer-to-peer workgroup that uses DHCP to assign addresses. About half the traffic on my LAN is netbios broadcast. I do not want to do a WINS server because I do not want to have to manually change the registry on every machine. This is only for local name resolution and I do not have any web servers or e-mail servers. I do not have access to a Windows server to use as a DNS server. I am on Debian and using BIND but am open to other suggestions.
I'm using ubuntu 10.04. Apache server is associated with www-data.I frequently run into problems editing or deleting files created by a cgi script, as they have ownership of www-data:www-data.How can I safely modify my system so that the output files are editable or deletable by user tim?