Operating System - HP-UX
1748122 Members
3172 Online
108758 Solutions
New Discussion юеВ

sudo rights to unlock user id during odd hrs

 
Go to solution
zxcv
Super Advisor

sudo rights to unlock user id during odd hrs

Hi Team ,

i have to give sudo rights to my prodctn team to unlock users only during odd hrs.

# Host Aliases
Host_Alias HR=uranus

# User Aliases
User_Alias EDI=unlockid

# Command Aliases

Cmnd_Alias COMMAND1=/usr/lbin/modprpw -kl


# User Privilege section

EDI HR=NOPASSWD: COMMAND1

Defaults:unlockid timestamp_timeout=0

 

 

When i chk it by logging through unlockid i getba msg saying ;

 

"Sorry, user unlockid is not allowed to execute '/usr/lbin/modprpw -kl test' as root on uranus"

2 REPLIES 2
Matti_Kurkela
Honored Contributor
Solution

Re: sudo rights to unlock user id during odd hrs

If the Cmnd_Alias includes options, the user is now allowed to run the command only with the exact options specified in the alias specification, and nothing else.

 

If no options are included in the allowed command, then the user is allowed the run the command with any options.

If you want to allow running a command through sudo with no options, you would have to add an empty set of quotes:

 

Cmnd_Alias ALLOWED_ONLY_WITHOUT_OPTIONS=/some/command ""

 

In order to require options -kl but allow anything after that, you must add a wildcard to the Cmnd_Alias line.

 

I would also use meaningful alias names, i.e.:

...
Cmnd_Alias UNLOCKUSERS=/usr/lbin/modprpw -kl *

# User Privilege section

EDI HR=NOPASSWD: UNLOCKUSERS
...

 

 

 

 

 

MK
zxcv
Super Advisor

Re: sudo rights to unlock user id during odd hrs

Thanks Matti.