HPE Community
Operating System - Linux
1753667 Members
5930 Online
108799 Solutions
New Discussion юеВ

Modifying the sudo file

 
Andrew Kaplan
Super Advisor

тАО01-28-2010 03:59 PM

тАО01-28-2010 03:59 PM

Modifying the sudo file

Hi there --

I need to modify the sudo file to allow a user account, nagios, the ability to run a particular command, du, as root user. The nagios user on the machine in question is set up with the /sbin/nologin shell. The recommended syntax is the following:

nagios ALL=(root) NOPASSWD: /usr/bin/du

My question is the following, when looking at the sudo file, is there a particular section where the above syntax should be inserted in order for it to work? One section that comes to mind is:

Cmnd alias specification

and another possibility is:

User privilege specification

What would be the best way to go? Thanks.
A Journey In The Quest Of Knowledge
0 Kudos
Reply
3 REPLIES 3
Matti_Kurkela
Honored Contributor

тАО01-28-2010 11:31 PM

тАО01-28-2010 11:31 PM

Re: Modifying the sudo file

The correct location for your planned line would be "User privilege specification".

The sections in the default sudoers file are just comments: you can probably configure things in any order you want, although if you use aliases, it might be required to _define_ an alias first before _using_ it in a privilege specification.

If you need to authorize a long list of other commands for Nagios, you might wish to use a command alias:

----
Cmnd_Alias NAGIOSCMDS = /usr/bin/du, /usr/bin/something_else, /usr/sbin/a_third_command,

nagios ALL=(root) NOPASSWD: NAGIOSCMDS
----

When your sudo configuration becomes more complex, using the aliases allows you to group things so that you can keep the actual privilege specifications short, simple and easy to understand.

But if you need just to authorize one user to run one or two commands, aliases are not necessary.

MK
MK
0 Kudos
Reply
Jupinder Bedi
Respected Contributor

тАО01-29-2010 03:18 AM

тАО01-29-2010 03:18 AM

Re: Modifying the sudo file

Cmnd_Alias is the better option.
All things excellent are as difficult as they are rare
0 Kudos
Reply
Horia Chirculescu
Honored Contributor

тАО01-29-2010 03:26 AM

тАО01-29-2010 03:26 AM

Re: Modifying the sudo file

>My question is the following, when looking at the sudo file, is there a particular section where the above syntax should be inserted in order for it to work?

It is not important where (what line no.) you will put the new line.

There are no "sections" in sudoers file.

The lines preceeded by # are comments. And this is all.

It is important to respect the sintax.

You do not need aliases if you only assign right to one or two users and/or to one/two or so commands

Best regards,
Horia.
Best regards from Romania,
Horia.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.