topic Re: sudo in Operating System - Linux

sudo

Tarek_1 — Wed, 24 Jul 2002 13:34:32 GMT

Hallo all..
on redhat i want that a user can issue some root commands, for example mount. How can i do that?
Just modifying /etc/sudoers?
How this file is modified? I have checked the man file, but i still need help.
I edited the /etc/sudoers with visudo, and there's a line for root
root ALL=(ALL) ALL
I tried with:
oracle mount
but i get
>>> sudoers file: syntax error, line 16 <<<
How can configure it correctly?

Re: sudo

Steven Mertens — Wed, 24 Jul 2002 17:26:07 GMT

hi,

Here's a good article with some examples
how to use sudo.

http://www.linuxmuse.com/articles.php?action=section&article=15&num=1

regards.

Steven

Re: sudo

Mark Fenton — Wed, 24 Jul 2002 19:32:42 GMT

Tarek, the man page for sudoers has some examples down toward the bottom that are reasonably succinct. But to give an example, here's what your sudoers (edited via visudo) might look like:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL
oracle ALL= /sbin/mount, /sbin/umount

Re: sudo

Stuart Browne — Wed, 24 Jul 2002 22:33:13 GMT

The other option is to make an entry in the /etc/fstab for your NFS mount with the 'user' option (or 'users' if someone else will un-mount it).

This way they can not modify any of the other mounts on the system, just theirs. Unfortunately, this doesn't tie it to a signle user who can issue the 'mount' command, but any user.

(see 'man 8 mount')

Re: sudo

Ceesjan van Hattum — Thu, 25 Jul 2002 08:51:44 GMT

Hi,
Here i have a working example of sudoers:

overseer ALL = (x400) NOPASSWD: ALL
overseer ALL = (root) NOPASSWD: /usr/contrib/bin/overpid,/usr/bin/kill
overseer ALL = (bb) NOPASSWD: /home/bb/bb18c1/runbb.sh
www ALL = (overseer) NOPASSWD: /home/overseer/checkstatus

Here:
1. the user 'overseer' can act like x400 without password.
2. the user 'overseer' can user overpid and kill as root without password
3. the user 'overseer' can use runbb.sh as 'bb' without password
4. here the user 'www' can user checkstatus as user 'overseer'.

Works quit well, only sometimes it is better to use techniques like stickybits etcetera.

Regards,
Ceesjan