FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 10-26-2011, 11:31 PM
Steven Barre
 
Default sudo examples

Hello!

I understand how to configure sudo, but I don't get how to get
real-world use from it. Is it best to write custom scripts for the
things that need doing and give sudo access to those scripts?


Most of what I do as root is done because of file permissions. For
example, if I want a user to have access to a conf file but don't want
to change the file permissions of the conf file, how can I do this with
sudo?


Do you have any examples of how you use sudo to allow users to do some
basic tasks?


--
=================================================
Steven Barre
steven@realestatewebmasters.com

Systems and Support Manager
Real Estate Webmasters
==================================================

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 10-26-2011, 11:41 PM
Tom Curl
 
Default sudo examples

You just type sudo in front of the command you want to run.

Example sudo ls-la /root would list the files in root's home directory.



On Wed, 2011-10-26 at 16:31 -0700, Steven Barre wrote:
> Hello!
>
> I understand how to configure sudo, but I don't get how to get
> real-world use from it. Is it best to write custom scripts for the
> things that need doing and give sudo access to those scripts?
>
> Most of what I do as root is done because of file permissions. For
> example, if I want a user to have access to a conf file but don't want
> to change the file permissions of the conf file, how can I do this with
> sudo?
>
> Do you have any examples of how you use sudo to allow users to do some
> basic tasks?
>
> --
> =================================================
> Steven Barre
> steven@realestatewebmasters.com
>
> Systems and Support Manager
> Real Estate Webmasters
> ==================================================
>


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 10-26-2011, 11:45 PM
Tom Curl
 
Default sudo examples

You do need to set yourself up as a sudo user in the sudoers file by
using visudo as root.

If you've done that, you should be all set. Happy sudoing Steven.


On Wed, 2011-10-26 at 16:31 -0700, Steven Barre wrote:
> Hello!
>
> I understand how to configure sudo, but I don't get how to get
> real-world use from it. Is it best to write custom scripts for the
> things that need doing and give sudo access to those scripts?
>
> Most of what I do as root is done because of file permissions. For
> example, if I want a user to have access to a conf file but don't want
> to change the file permissions of the conf file, how can I do this with
> sudo?
>
> Do you have any examples of how you use sudo to allow users to do some
> basic tasks?
>
> --
> =================================================
> Steven Barre
> steven@realestatewebmasters.com
>
> Systems and Support Manager
> Real Estate Webmasters
> ==================================================
>


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 10-27-2011, 12:20 AM
frank cui
 
Default sudo examples

On Wed, Oct 26, 2011 at 8:31 PM, Steven Barre <
steven@realestatewebmasters.com> wrote:

> Hello!
>
> I understand how to configure sudo, but I don't get how to get real-world
> use from it. Is it best to write custom scripts for the things that need
> doing and give sudo access to those scripts?
>
> Most of what I do as root is done because of file permissions. For example,
> if I want a user to have access to a conf file but don't want to change the
> file permissions of the conf file, how can I do this with sudo?
>

I'm not sure about the solution using sudo, but definitely you could setup
an ACL for the file for more granular control over it.

>
> Do you have any examples of how you use sudo to allow users to do some
> basic tasks?
>

The sudo list, as you may know, can allow users to do specific categories of
tasks instead of authorizing all the root commands to them. For example, you
can delegate the abilities to restart a network service to a specific user.

>
> --
> ==============================**================== =
> Steven Barre
> steven@realestatewebmasters.**com <steven@realestatewebmasters.com>
>
> Systems and Support Manager
> Real Estate Webmasters
> ==============================**================== ==
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@**redhat.com<redhat-list-request@redhat.com>
> ?subject=unsubscribe
> https://www.redhat.com/**mailman/listinfo/redhat-list<https://www.redhat.com/mailman/listinfo/redhat-list>
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 10-27-2011, 12:31 PM
"Mertens, Bram"
 
Default sudo examples

>


Mazda Motor Logistics Europe NV, Blaasveldstraat 162, B-2830 Willebroek
VAT BE 0406.024.281, RPR Mechelen, ING 310-0092504-52, IBAN : BE64 3100 0925 0452, SWIFT : BBRUBEBB

-----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:redhat-list-
> bounces@redhat.com] On Behalf Of frank cui
> Sent: donderdag 27 oktober 2011 2:21
> To: General Red Hat Linux discussion list
> Subject: Re: sudo examples
>
> On Wed, Oct 26, 2011 at 8:31 PM, Steven Barre <
> steven@realestatewebmasters.com> wrote:
>
> > Hello!
> >
> > I understand how to configure sudo, but I don't get how to get real-world
> > use from it. Is it best to write custom scripts for the things that need
> > doing and give sudo access to those scripts?

Allowing the execution of shell scripts via sudo adds potential security issues. If the script can be modified or the behavior of the executing shell can be changed the user may gain more rights. See e.g. (first hit in google, there will be other examples) http://www.sudo.ws/pipermail/sudo-announce/2005-November/000053.html.

So scripts are probably not the recommended approach.

> > Most of what I do as root is done because of file permissions. For example,
> > if I want a user to have access to a conf file but don't want to change the
> > file permissions of the conf file, how can I do this with sudo?
> >
>
> I'm not sure about the solution using sudo, but definitely you could setup
> an ACL for the file for more granular control over it.

ACL's may indeed be a better solution to this approach because allowing a user to execute e.g. vi as root effectively grants complete access due to the possibility to use shell escapes in vi.
This can partly be addressed by using restricted vi but I haven't investigated that option further so I can't comment on that.

> > Do you have any examples of how you use sudo to allow users to do some
> > basic tasks?
> >
>
> The sudo list, as you may know, can allow users to do specific categories of
> tasks instead of authorizing all the root commands to them. For example, you
> can delegate the abilities to restart a network service to a specific user.

This is also our primary use case, off course init scripts are shell scripts too.

Regards

Bram

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 04:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org