- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SUDO ROOT ACCESS
Operating System - HP-UX
1752220
Members
5264
Online
108785
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2009 12:39 AM
тАО08-06-2009 12:39 AM
SUDO ROOT ACCESS
Hi,
I have installed sudo 1.7.1 in hp ux 11.00 operating system. In which i have addedfew ID's for testing purpose.
But if user enter $ sudo /usr/bin/sh (or) $ sudo su root. they can access # prompt. I want to restrict this root access. I have gone through few installation notes, but i am not understand this.
Kindly find the below /etc/sudoers file for your reference, request you to suggest me for the same.
# pg /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias SERVERADMIN = oprakash,iychandr
User_Alias PROGRESSDBA = prohmann,kgarvey
# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod
Cmnd_Alias CHOWN = /usr/bin/chown
Cmnd_Alias SAM = /usr/sbin/sam
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
# SERVERADMIN
# Default
Defaults logfile=/var/adm/sudolog.log
I have installed sudo 1.7.1 in hp ux 11.00 operating system. In which i have addedfew ID's for testing purpose.
But if user enter $ sudo /usr/bin/sh (or) $ sudo su root. they can access # prompt. I want to restrict this root access. I have gone through few installation notes, but i am not understand this.
Kindly find the below /etc/sudoers file for your reference, request you to suggest me for the same.
# pg /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
User_Alias SERVERADMIN = oprakash,iychandr
User_Alias PROGRESSDBA = prohmann,kgarvey
# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod
Cmnd_Alias CHOWN = /usr/bin/chown
Cmnd_Alias SAM = /usr/sbin/sam
# Defaults specification
# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
# SERVERADMIN
# Default
Defaults logfile=/var/adm/sudolog.log
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2009 01:28 AM
тАО08-06-2009 01:28 AM
Re: SUDO ROOT ACCESS
Hello,
You need to change the following lines to
narrow down the listing of commands that SUDO
users can run:
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
At the moment, you allow oprakash, iychandr,
prohmann, and kgarvey to execute ANY SUDO
command!
What exactly you want these accounts to be
able to run as privileged user?
We need more details on what you are trying
to achieve.
You have really good examples at:
http://www.sudo.ws/sudo/man/sudoers.html
Cheers,
VK2COT
You need to change the following lines to
narrow down the listing of commands that SUDO
users can run:
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
At the moment, you allow oprakash, iychandr,
prohmann, and kgarvey to execute ANY SUDO
command!
What exactly you want these accounts to be
able to run as privileged user?
We need more details on what you are trying
to achieve.
You have really good examples at:
http://www.sudo.ws/sudo/man/sudoers.html
Cheers,
VK2COT
VK2COT - Dusan Baljevic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2009 01:56 AM
тАО08-06-2009 01:56 AM
Re: SUDO ROOT ACCESS
Hi
You should change the last lines in your sodoers file.If you want to give them chmod access then make an entry like following
SERVERADMIN ALL= CHMOD
PROGRESSDBA ALL= CHMOD
SERVERADMIN ALL=(ALL) NOPASSWD: CHMOD
PROGRESSDBA ALL=(ALL) NOPASSWD: CHMOD
Regards
Sunny
You should change the last lines in your sodoers file.If you want to give them chmod access then make an entry like following
SERVERADMIN ALL= CHMOD
PROGRESSDBA ALL= CHMOD
SERVERADMIN ALL=(ALL) NOPASSWD: CHMOD
PROGRESSDBA ALL=(ALL) NOPASSWD: CHMOD
Regards
Sunny
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP