https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694791#M247953 Does all users belong to one single group?<BR />then,<BR />cmnd_alias lp_commands=/usr/sbin/lpfence, lpshut, xxyc, ereette<BR />%group_name ALL=lp_commands <BR /><BR />This would give all users in group_name access to all commands that you specify for alis lp_commands. Tue, 20 Dec 2005 05:42:41 GMT RAC_1 2005-12-20T05:42:41Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694790#M247952 Hi All,<BR /><BR />Would like to have your advices on sudo issue.<BR />how can i assign full control of a printer for a user or group of users by using sudo.<BR />if i assign command lpfence using sudo for a user. Is there a way to only allow him to control only his printers. lpfence involves with shuting down the spooler (lpshut).<BR />Please advice!<BR />Regards,<BR />Tom<BR /><BR /> Tue, 20 Dec 2005 05:29:57 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694790#M247952 tom quach_1 2005-12-20T05:29:57Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694791#M247953 Does all users belong to one single group?<BR />then,<BR />cmnd_alias lp_commands=/usr/sbin/lpfence, lpshut, xxyc, ereette<BR />%group_name ALL=lp_commands <BR /><BR />This would give all users in group_name access to all commands that you specify for alis lp_commands. Tue, 20 Dec 2005 05:42:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694791#M247953 RAC_1 2005-12-20T05:42:41Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694792#M247954 Bit tedious, but you can define the command for each user, and add to the command the argument for the printer. That is, instead of defining a alias for the printer commands and assigning it to a group, you have to define 1 line per user &amp; printer :<BR /><BR />jcouto ALL = (root) /usr/sbin/lpfence coutoprinter<BR /><BR />now I could call sudo /usr/sbin/lpfence coutprinter 10 BUT sudo would not let me do the lpfence for any other printer.<BR /> Tue, 20 Dec 2005 06:25:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694792#M247954 Jesús Couto Fandiño 2005-12-20T06:25:18Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694793#M247955 The lp user has permission to run the lp commands but I suspect that you don't want the helpers to use *every* lp command. In the sudoers file, you can enumerate each of the allowed commands. The usual commands would be lpadmin (but you may need to limit the options in case a helper accidently deletes a printer), cancel, accept, reject. The good news is that you only need to create the sudo user once with all the needed commands. Tue, 20 Dec 2005 08:53:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694793#M247955 Bill Hassell 2005-12-20T08:53:11Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694794#M247956 Thanks- Rac, Jesu', Bill for your help.<BR /><BR /><BR />this line in my sudoers file works fine<BR />tom ALL = NOPASSWD:/usr/bin/cancel<BR />but if i added a printer name "printer1" at the end, sudo will prompt for a password.<BR />tom ALL = NOPASSWD:/usr/bin/cancel printer1<BR />or even i used command from jesu'<BR />tom ALL = (root)/usr/bin/cancel printer1<BR /><BR />it still asks for a password.<BR /><BR />is there a way for sudo to assign certain permission for certain user to take of certain task.<BR />ex:cancel command to allow users to canccel only printers assign to him in sudoers file or assign kill command and only allow him to kill processes in his group.<BR /><BR />Regards,<BR />Tom<BR /><BR /><BR /> Sat, 24 Dec 2005 07:12:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-with-limited-permission/m-p/3694794#M247956 tom quach_1 2005-12-24T07:12:48Z