HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Community
System Administration
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SUDO ROOT ACCESS

 
oprakash
oprakash
Frequent Advisor

‎08-06-2009 12:39 AM

‎08-06-2009 12:39 AM

SUDO ROOT ACCESS

Hi,

I have installed sudo 1.7.1 in hp ux 11.00 operating system. In which i have addedfew ID's for testing purpose.

But if user enter $ sudo /usr/bin/sh (or) $ sudo su root. they can access # prompt. I want to restrict this root access. I have gone through few installation notes, but i am not understand this.

Kindly find the below /etc/sudoers file for your reference, request you to suggest me for the same.
# pg /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification
User_Alias SERVERADMIN = oprakash,iychandr
User_Alias PROGRESSDBA = prohmann,kgarvey

# Cmnd alias specification
Cmnd_Alias CHMOD = /usr/bin/chmod
Cmnd_Alias CHOWN = /usr/bin/chown
Cmnd_Alias SAM = /usr/sbin/sam
# Defaults specification

# Runas alias specification
# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL
# SERVERADMIN
# Default
Defaults logfile=/var/adm/sudolog.log


0 Kudos
Reply
2 REPLIES
VK2COT
VK2COT
Honored Contributor

‎08-06-2009 01:28 AM

‎08-06-2009 01:28 AM

Re: SUDO ROOT ACCESS

Hello,

You need to change the following lines to
narrow down the listing of commands that SUDO
users can run:

SERVERADMIN ALL=NOPASSWD:ALL
PROGRESSDBA ALL=NOPASSWD:ALL

At the moment, you allow oprakash, iychandr,
prohmann, and kgarvey to execute ANY SUDO
command!

What exactly you want these accounts to be
able to run as privileged user?

We need more details on what you are trying
to achieve.

You have really good examples at:

http://www.sudo.ws/sudo/man/sudoers.html

Cheers,

VK2COT
VK2COT - Dusan Baljevic
0 Kudos
Reply
Sunny123_1
Sunny123_1
Esteemed Contributor

‎08-06-2009 01:56 AM

‎08-06-2009 01:56 AM

Re: SUDO ROOT ACCESS

Hi

You should change the last lines in your sodoers file.If you want to give them chmod access then make an entry like following

SERVERADMIN ALL= CHMOD
PROGRESSDBA ALL= CHMOD

SERVERADMIN ALL=(ALL) NOPASSWD: CHMOD
PROGRESSDBA ALL=(ALL) NOPASSWD: CHMOD


Regards
Sunny

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.