Operating System - HP-UX
1748098 Members
5820 Online
108758 Solutions
New Discussion юеВ

Re: providing crontab access for a user by sudo

 
gany59
Regular Advisor

providing crontab access for a user by sudo

I want to give the permission to run the crontab command for the user called naraguna. So the below line is correct for putting the entry in the /etc/sudoers file.

naraguna ALL=(root)NOPASSWD:/usr/bin/crontab

Correct me if i am wrong.. Thanks in advance!
4 REPLIES 4
Johnson Punniyalingam
Honored Contributor

Re: providing crontab access for a user by sudo

see below has example


user1 ALL = NOPASSWD:/housekeep/scripts/wintel/cleanup
Problems are common to all, but attitude makes the difference
gany59
Regular Advisor

Re: providing crontab access for a user by sudo

can i know what is the meaning of ALL.

and i some forums i have seen the % symbol in front of the user name in /etc/sudoers file. what might be the reason for that. Please clarify Johnson..

Thanks!
Simhan
Matti_Kurkela
Honored Contributor

Re: providing crontab access for a user by sudo

The word ALL before the = sign in the examples above means the sudoers line is in effect in all hosts that have it in their sudoers file.

If you choose to manage your sudoers file centrally, and use the same file in many hosts, you can use host names in that place to create sudoers definitions that apply in some specific hosts.

The % sign in front of a name means it's a group name, not an user name.

MK
MK
Ralph Grothe
Honored Contributor

Re: providing crontab access for a user by sudo

> naraguna ALL=(root)NOPASSWD:/usr/bin/crontab

Is that really your intention?
Consider that thus user naraguna is allowed to edit root's crontab, enabling them to schedule any (possibly nefarious) script or program to be executed as root.
If instead it was only intended for naraguna to peek into root's scheduled cronjobs, it maybe would be wiser to change the sudoers line into:

naraguna ALL = NOPASSWD /usr/bin/crontab -l
Madness, thy name is system administration