HPE Community
Operating System - HP-UX
1830939 Members
2746 Online
110017 Solutions
New Discussion

Re: sudo - root access

 
SOLVED
Go to solution
Jim Purtell
Frequent Advisor

‎10-28-2004 08:17 AM

‎10-28-2004 08:17 AM

sudo - root access

All,
Does anyone know how to configure sudo to allow an average user to get to a root prompt, as opposed to using 'sudo -u some-command'?

If someone has the answer, could you include an example suders file?

Thanks in advance. .
Jim
0 Kudos
Reply
4 REPLIES 4
Patrick Wallek
Honored Contributor

‎10-28-2004 08:22 AM

‎10-28-2004 08:22 AM

Solution

Re: sudo - root access

# cat /usr/local/etc/sudo/sudoers

# Host Aliases
Host_Alias BOL=system1

# User Aliases
User_Alias S36ADM=user1,user2,user3

# Command Aliases
Cmnd_Alias SU=/usr/bin/su -

# Defaults specification

# User privilege specification
S36ADM BOL=SU


With the above sudoers file user1, user2 or user3 would do:

$ sudo /usr/bin/su -

To get FULL root access.
Reply
Jim Purtell
Frequent Advisor

‎10-28-2004 08:26 AM

‎10-28-2004 08:26 AM

Re: sudo - root access

Thank you Patrick,
Though, one question; would this log the users activity while in as root?

Jim
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎10-28-2004 08:36 AM

‎10-28-2004 08:36 AM

Re: sudo - root access

The fact that they used sudo to su to root would be logged in syslog or the sudo log file.

Any commands they run would not be logged via sudo, no. Sudo gives them the ability to do the 'su -'. Once they are at the # prompt, sudo is out of the picture.

You would have to have some other type of logging to log all of the commands they do.

I would be much more comfortable limiting users to specific commands. Once a user does a 'su -' and gets the root (#) prompt, they are root and can do anything they want on the system.
Reply
Jim Purtell
Frequent Advisor

‎10-28-2004 08:40 AM

‎10-28-2004 08:40 AM

Re: sudo - root access

Once again,
Thank you.
I appreciate your help, and will more than likely limit users to certain commands like you mentioned.

Jim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.