Skip to ContentSkip to Footer
Start of content
- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- SUDO ROOT ACCESS
System Administration
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-06-2009 12:39 AM
08-06-2009 12:39 AM
SUDO ROOT ACCESS
Hi,
I have installed sudo 1.7.1 in hp ux 11.00 operating system. In which i have addedfew ID's for testing purpose.
But if user enter $ sudo /usr/bin/sh (or) $ sudo su root. they can access # prompt. I want to restrict this root access. I have gone through few installation notes, but i am not understand this.
Kindly find the below /etc/sudoers file for your reference, request you to suggest me for the same.
# pg /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias SERVERADMIN = oprakash,iychandr
User_Alias PROGRESSDBA = prohmann,kgarvey
# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod
Cmnd_Alias CHOWN = /usr/bin/chown
Cmnd_Alias SAM = /usr/sbin/sam
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
# SERVERADMIN
# Default
Defaults logfile=/var/adm/sudolog.log
I have installed sudo 1.7.1 in hp ux 11.00 operating system. In which i have addedfew ID's for testing purpose.
But if user enter $ sudo /usr/bin/sh (or) $ sudo su root. they can access # prompt. I want to restrict this root access. I have gone through few installation notes, but i am not understand this.
Kindly find the below /etc/sudoers file for your reference, request you to suggest me for the same.
# pg /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias SERVERADMIN = oprakash,iychandr
User_Alias PROGRESSDBA = prohmann,kgarvey
# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod
Cmnd_Alias CHOWN = /usr/bin/chown
Cmnd_Alias SAM = /usr/sbin/sam
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
# SERVERADMIN
# Default
Defaults logfile=/var/adm/sudolog.log
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-06-2009 01:28 AM
08-06-2009 01:28 AM
Re: SUDO ROOT ACCESS
Hello,
You need to change the following lines to
narrow down the listing of commands that SUDO
users can run:
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
At the moment, you allow oprakash, iychandr,
prohmann, and kgarvey to execute ANY SUDO
command!
What exactly you want these accounts to be
able to run as privileged user?
We need more details on what you are trying
to achieve.
You have really good examples at:
http://www.sudo.ws/sudo/man/sudoers.html
Cheers,
VK2COT
You need to change the following lines to
narrow down the listing of commands that SUDO
users can run:
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
At the moment, you allow oprakash, iychandr,
prohmann, and kgarvey to execute ANY SUDO
command!
What exactly you want these accounts to be
able to run as privileged user?
We need more details on what you are trying
to achieve.
You have really good examples at:
http://www.sudo.ws/sudo/man/sudoers.html
Cheers,
VK2COT
VK2COT - Dusan Baljevic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-06-2009 01:56 AM
08-06-2009 01:56 AM
Re: SUDO ROOT ACCESS
Hi
You should change the last lines in your sodoers file.If you want to give them chmod access then make an entry like following
SERVERADMIN ALL= CHMOD
PROGRESSDBA ALL= CHMOD
SERVERADMIN ALL=(ALL) NOPASSWD: CHMOD
PROGRESSDBA ALL=(ALL) NOPASSWD: CHMOD
Regards
Sunny
You should change the last lines in your sodoers file.If you want to give them chmod access then make an entry like following
SERVERADMIN ALL= CHMOD
PROGRESSDBA ALL= CHMOD
SERVERADMIN ALL=(ALL) NOPASSWD: CHMOD
PROGRESSDBA ALL=(ALL) NOPASSWD: CHMOD
Regards
Sunny
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
End of content
United States
Hewlett Packard Enterprise International
Communities
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP