09-25-2012 10:19 AM
Sudo privilege
Hello Admin,
For the business copy script, I have added the lines below in sudoers.
#########BC_testing#######
User_Alias USER=orafpp,oraepp
USER ALL=(ALL) NOPASSWD: /opt/exsid27/dbciFPP/exsid_mod_BR.sh,/opt/exsid27/dbciEPP/exsid_mod_BR.sh
Will this allow the ora id to execute any root admin account, or only the script?
Thank you in advance,
09-25-2012 03:08 PM
Re: Sudo privilege
I think it allows accounts orafpp and oraepp to run the listed shell apps, coming from any IP and as any account (including root), without entering the orafpp or oraepp passwords. If the scripts provide a shell escape of some sort, then yes, you may be able to run anything on the system. Otherwise you're probably okay.
09-26-2012 12:07 AM
Re: Sudo privilege
bobjh, I'd just like to make one small correction.
Sudo does not check which host the user is coming in from: the ability to specify hostnames in the sudoers file is to allow you to maintain a single centralized sudoers file and sync it to all the hosts you have using whatever method you like. Or with newer versions of sudo, you can place the privilege definitions in an LDAP directory too.
If a sudoers privilege definition includes a hostname or a Host_Alias, the privilege definition takes effect only if (one of) the hostname(s) listed matches the current hostname of the system. Otherwise the definition will be ignored.
If a centralized sudoers file is not used, many admins always put ALL in the hostname field in a local sudoers file, so that the definitions won't stop working if the system hostname is changed.
User_Alias USER=orafpp,oraepp
USER ALL=(ALL) NOPASSWD: /opt/exsid27/dbciFPP/exsid_mod_BR.sh,/opt/exsid27/dbciEPP/exsid_mod_BR.sh
So, this will allow users orafpp and oraepp to run the listed scripts on any system this sudoers file is used on. The users can run the script as any user, not just as root. There will be no password check for them.
This sudoers configuration will allow the users to specify any command line arguments for those scripts, so if the scripts need arguments, they should handle them very carefully. If the scripts use command line arguments like $1, $2 etc. without quoting, the user might be able to make the scripts execute unintended commands by specifying arguments that include spaces, or semicolons or other special characters.
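
The argument-handling risk described in the last reply, as an added example that is not part of the original thread or of the scripts named in it. It shows how an unquoted $1 is re-split into several words, and one way a script run through sudo can validate and quote its argument; the function names and the allow-list rule (a short uppercase identifier such as FPP) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): argument handling for a script run via sudo.
# Function names and the allow-list rule are assumptions for illustration,
# not taken from exsid_mod_BR.sh.
LC_ALL=C; export LC_ALL   # make [A-Z0-9] mean ASCII only

# Print how many separate words the callee actually receives.
count_args() { echo "$#"; }

# Unquoted: the shell re-splits $1 on whitespace, so one argument
# supplied by the user becomes several words for the next command.
unquoted_words() { count_args $1; }

# Quoted: the value is passed on as exactly one word.
quoted_words() { count_args "$1"; }

# Allow-list check: 1 to 8 characters, uppercase letters and digits only.
# Anything containing spaces, ';', '$', quotes, '-' etc. is refused.
validate_sid() {
    case "$1" in
        '' | *[!A-Z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]
}

# Hardened entry point: exactly one argument, validated, then used quoted.
handle_request() {
    if [ "$#" -ne 1 ] || ! validate_sid "$1"; then
        echo "usage: handle_request SID" >&2
        return 2
    fi
    printf 'processing %s\n' "$1"
}

# Constructed sample input: one argument containing spaces.
sample='FPP -x extra'
echo "unquoted: $(unquoted_words "$sample") words"
echo "quoted:   $(quoted_words "$sample") word"
handle_request "$sample" || echo "rejected: $sample"
handle_request FPP
```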