HPE Community
Operating System - HP-UX
1829490 Members
1500 Online
109991 Solutions
New Discussion

sudo - how to allow lp cmds for a non-root user

 
SOLVED
Go to solution
Basheer_2
Trusted Contributor

‎04-11-2006 03:24 AM

‎04-11-2006 03:24 AM

sudo - how to allow lp cmds for a non-root user

Good morning
Just installed sudo 1.6.8p12 (11.0, 11.11 and 11.23)
Need to give access to non-root user ( operator) to
1) list print jobs
2) cancel jobs
3) mount nfs
4) umount nfs
5) add users

how to do this.

Thanks and Appreciate your help
0 Kudos
Reply
6 REPLIES 6
Antonio Cardoso_1
Trusted Contributor

‎04-11-2006 03:48 AM

‎04-11-2006 03:48 AM

Re: sudo - how to allow lp cmds for a non-root user

Hi basheer,

you just need to edit /etc/sudoers to grant permissions to various commands.
=> man sudoers will give you detailed information on rich features of this file.

A simple example :
User_Alias MYUSERS = joe, john
MYUSERS jupiter = NOPASSWD: EXEC: /usr/sbin/ioscan

will allo users joe, john to use ioscan command by running:
sudo /usr/sbin/ioscan

H.T.H.
antonio.


0 Kudos
Reply
Ramaprasad N
Honored Contributor

‎04-11-2006 05:59 AM

‎04-11-2006 05:59 AM

Re: sudo - how to allow lp cmds for a non-root user

Yeah, sudoes man page will provide all the details. You need to use visudo command, to edit the configuration file.
First you need to create a Command_Alias, for all the commands which you want to be executed from the specific list of users.
Ex: Cnmd_Alias SU = /usr/bin/su
Then you need to create a User_Alias, which will have all the users list.
ExL User_Alias TEST=joe, john, robert
Finally, grant privilege statement, to allow users to execute those commands.
Ex: = PASSWD/NOPASSWD:
In this example, TEST = PASSWD:SU

Hope it works,

Ram
0 Kudos
Reply
Robert Bennett_3
Respected Contributor

‎04-11-2006 07:08 AM

‎04-11-2006 07:08 AM

Re: sudo - how to allow lp cmds for a non-root user

we use sudo for our operators for many things, but we use restricted sam (sam -r) as well. We give operators restricted sam priveledges in the printers section and the user section.

Just another thought.
"All there is to thinking is seeing something noticeable which makes you see something you weren't noticing which makes you see something that isn't even visible." - Norman Maclean
0 Kudos
Reply
Rick Garland
Honored Contributor

‎04-11-2006 07:13 AM

‎04-11-2006 07:13 AM

Re: sudo - how to allow lp cmds for a non-root user

Here is an example. For additional commands just add to the end of this list.

%helpdesk ALL=NOPASSWD:ALL, /usr/sbin/accept,/usr/sbin/reject,/usr/sbin/lp
sched,/usr/bin/cancel,/usr/bin/cancel -e,/usr/bin/cancel
Reply
Basheer_2
Trusted Contributor

‎04-11-2006 07:44 AM

‎04-11-2006 07:44 AM

Re: sudo - how to allow lp cmds for a non-root user

Thanks All,

Robert,
pl can you tell me the steps to give sam -r for the user operator.
0 Kudos
Reply
Robert Bennett_3
Respected Contributor

‎04-11-2006 08:07 AM

‎04-11-2006 08:07 AM

Solution

Re: sudo - how to allow lp cmds for a non-root user

sure -

you have to be root

sam -r
cancel the "Load Priviliges" window
right click in the Restricted SAM Builder window - Disable All
Right click on the Accounts for Users and Groups Icon - Enable All ( note - you may want to restrict your operators further and can go within this Icon for more refinement)
Right Click on Printers and Plotters Icon - enable all ( same note is applicable)
Actions -> Templates -> Save - name it what you like (operators)
now close sam and go back into Restricted SAM - sam -r
highlight the user you want to have the restrcted sam priveleges - highlight template to be loaded (operator)
OK
Actions
Save Priveleges

Now here's a little shortcut - you will note that this has generated a file in /etc/sam/custom/.cf
you can easily copy this fiule for other users (they naturally need to already be users on the system) as in
cp /etc/sam/custom/username.cf /etc/sam/custom/newusername.cf
You can also use this to scp to other servers. saves a lot of time.

HTH
"All there is to thinking is seeing something noticeable which makes you see something you weren't noticing which makes you see something that isn't even visible." - Norman Maclean
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.