- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- sudo rights to unlock user id during odd hrs
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2012 03:18 AM
тАО09-24-2012 03:18 AM
Hi Team ,
i have to give sudo rights to my prodctn team to unlock users only during odd hrs.
# Host Aliases
Host_Alias HR=uranus
# User Aliases
User_Alias EDI=unlockid
# Command Aliases
Cmnd_Alias COMMAND1=/usr/lbin/modprpw -kl
# User Privilege section
EDI HR=NOPASSWD: COMMAND1
Defaults:unlockid timestamp_timeout=0
When i chk it by logging through unlockid i getba msg saying ;
"Sorry, user unlockid is not allowed to execute '/usr/lbin/modprpw -kl test' as root on uranus"
Solved! Go to Solution.
- Tags:
- sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-24-2012 07:15 AM
тАО09-24-2012 07:15 AM
SolutionIf the Cmnd_Alias includes options, the user is now allowed to run the command only with the exact options specified in the alias specification, and nothing else.
If no options are included in the allowed command, then the user is allowed the run the command with any options.
If you want to allow running a command through sudo with no options, you would have to add an empty set of quotes:
Cmnd_Alias ALLOWED_ONLY_WITHOUT_OPTIONS=/some/command ""
In order to require options -kl but allow anything after that, you must add a wildcard to the Cmnd_Alias line.
I would also use meaningful alias names, i.e.:
... Cmnd_Alias UNLOCKUSERS=/usr/lbin/modprpw -kl * # User Privilege section EDI HR=NOPASSWD: UNLOCKUSERS ...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-25-2012 04:41 AM
тАО09-25-2012 04:41 AM