HPE Community
Operating System - HP-UX
1846559 Members
1356 Online
110256 Solutions
New Discussion

Re: sudo

 
Adam Noble
Super Advisor

‎03-13-2003 02:10 AM

‎03-13-2003 02:10 AM

sudo

I have been tasked with giving a set of users root privilidge effectively.(dangerous I know)
Anyway they are simply going to be running a script which adds a user and then also edits a number of files to give the users access to certain applications, the script is interactive i.e they would decide which apps to give access. It has been suggested I should use sudo for this, does anyone have any experience of using sudo, and know of any security issues etc or can recommend any other way of doing this. SAM is not an option!
0 Kudos
Reply
6 REPLIES 6
Steve Steel
Honored Contributor

‎03-13-2003 03:07 AM

‎03-13-2003 03:07 AM

Re: sudo

Hi


have used sudo a lot over the years and works well.


www.software.hp.com

public domain software

search on sudo and read doc

I recommend it as a useful addition to the OS


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
David_246
Trusted Contributor

‎03-13-2003 03:10 AM

‎03-13-2003 03:10 AM

Re: sudo

Hi,

Sorry to see no response, I will try to give some info at least.

We use eTrust Access Control for these things, but it costs some money and need some implementation time. So, don't think it's an option.

Looking in google and search for "HP SUDO", it returns several adresses. Also SUID-bits should work on a shell-script. The shellscript should have an owner of root and gid of the group that should execute the command.
chmod u+s /command should do the rest.

Some info from google :

CU sudo 1.3 and higher supports hpux. Your best bet is
to grab pub/sysadmin/utilities/cu-sudo.v1.3.1-beta9.tar.Z from
ftp.cs.colorado.edu.



Best Regs David
@yourservice
0 Kudos
Reply
Kaare Andersen
New Member

‎03-13-2003 06:32 AM

‎03-13-2003 06:32 AM

Re: sudo

Hi,

some usefull informations can be found on

www.courtesan.com/sudo

Best regards,
Kan
0 Kudos
Reply
SSO Montgomery
Advisor

‎03-13-2003 11:48 AM

‎03-13-2003 11:48 AM

Re: sudo

We've begun using SUDO in the last 6 months. It works great. Even our SA's like to use it so they don't have to remember root's password. Just make sure at least one SA remembers root's password!
0 Kudos
Reply
Volker Borowski
Honored Contributor

‎03-13-2003 11:57 AM

‎03-13-2003 11:57 AM

Re: sudo

Adam,

take care, sudo can give you the impression of beinng secure while you are not.
If this "interactive script" is capable of escaping to a shell, this escaped shell will be a root shell ! May be the escape from this specific script is even possible by pressing ctrl-C ! If you sudo scripts, always make sure to trap ctrl-C.
If the user has write-access to the script in charge, he can put in anything there that he wants to execute as root.

Give only single commands to "sudo", make sure that these are not capeable to escape to a shell, and make sure that these are only writable by root in a directory only writable as root.

Always stay carefull
Volker
0 Kudos
Reply
Adam Noble
Super Advisor

‎03-14-2003 01:29 AM

‎03-14-2003 01:29 AM

Re: sudo

Thanks all this was exactly the sort of info I was looking for. I had read a similar thing with regard to being able to escape to a root shell, and this will need to be reviewed.

Thanks again
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.