HPE Community
Operating System - HP-UX
1837365 Members
3288 Online
110116 Solutions
New Discussion

Re: SUDO

 
ashan
Advisor

‎06-03-2003 07:35 PM

‎06-03-2003 07:35 PM

SUDO

Hi

I have install sudo utility in hpux11.00,How
do I give privilege normal user to do super
user task.

Best Regards

Ashan
0 Kudos
Reply
8 REPLIES 8
Patrick Wallek
Honored Contributor

‎06-03-2003 07:45 PM

‎06-03-2003 07:45 PM

Re: SUDO

Read the readme file and look at the documentation and man pages for the /etc/sudoers file. That is where you configure sudo and set up privileges for users.

You could start here:
http://www.courtesan.com/sudo/index.html

and look at the documentation links on this page.
0 Kudos
Reply
Michael Tully
Honored Contributor

‎06-03-2003 07:47 PM

‎06-03-2003 07:47 PM

Re: SUDO

You need to edit the /etc/sudoers file using the /usr/local/sbin/visudo utility. Do not use any other utility to make the changes.

example1 :

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
# This setting may be a security risk. Osamu

# Host alias specification - not using
Host_Alias LAN = 168.192.0.0/255.255.0.0
# User alias specification - not using, but using group
User_Alias STAFF = admin
User_Alias src=admin, debian, osamu
# Cmnd alias specification
Cmnd_Alias FILEUTILS = /bin/chown, /bin/chmod, /bin/chgrp, /bin/mount, /bin/umount, /usr/bin/cdrecord

Cmnd_Alias DEBUTILS = /usr/bin/dpkg, /usr/bin/apt-get

Cmnd_Alias EDITORS = /bin/vi, /bin/emacs

# User privilege specification
root ALL = (ALL) ALL
%staff ALL = (ALL) NOPASSWD: ALL
%src ALL = (ALL) NOPASSWD: FILEUTILS, DEBUTILS, EDITORS

Defaults:%staff !lecture
Defaults:%src !lecture
Defaults:%staff !authenticate
#Defaults:admin !authenticate

Further examples can be obtained here:

http://www.courtesan.com/sudo/man/sudoers.html

Regards
Michael
"When I have trouble spelling, it's called fat finger syndrome"





http://www.courtesan.com/sudo/man/sudoers.html
Anyone for a Mutiny ?
0 Kudos
Reply
ashan
Advisor

‎06-03-2003 10:30 PM

‎06-03-2003 10:30 PM

Re: SUDO

Hi,
Below is sudo configuration file and bb is my
normal user,I have login as bb and try to run
sudo bb

$ sudo - bb
Sorry, sudo must be setuid root.
$

I don't know my login is correct, please advice me.
Regards

Ashan
-------------------------------------------
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

Hosti_Alias LAN = 168.232.1.250/255.255.255.0

# User alias specification

User_Alias USERS = bb

# Cmnd alias specification

Cmnd_Alias FILEUTILS = /usr/bin/ll, /usr/bin/moun, /usr/bin/umount, /usr/bin/shutdown -ry 0

# Defaults specification
Defaults:%users !|ecture
Defaults:%users !|authenticate

# User privilege specification
root ALL=(ALL) ALL
%users ALL=(ALL) NOPASSWD: FILEUTILS

# Uncomment to allow people in group wheel to run all commands
#%wheel ALL=(ALL) ALL

# Same thing without a password
#%wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
0 Kudos
Reply
Michael Tully
Honored Contributor

‎06-03-2003 10:57 PM

‎06-03-2003 10:57 PM

Re: SUDO

The usage should be as follows:

$ id
bb
$ sudo umount /cdrom

Also it seems that you have incorrect permissions for the sudo binary.
They should be like this:
---s--x--x

To fix it as root:
# chmod 4111 sudo

Try again

Regards
Michael
"When I have trouble spelling, it's called fat finger syndrome"
Anyone for a Mutiny ?
0 Kudos
Reply
ashan
Advisor

‎06-03-2003 11:17 PM

‎06-03-2003 11:17 PM

Re: SUDO

Hi Michael,

Still I am get this mesg, something messing in the configuration..?

Regards

Ashan

ashan@uxadmin $Jun 4 15:12:52 uxadmin sudo: bb : parse error in /opt/sudo/etc/sudoers/sudoers near
line 9 ; TTY=pts/tb ; PWD=/ ; USER=root ; COMMAND=umount

$ id
uid=103(bb) gid=20(users)
$ sudo umount
>>> sudoers file: syntax error, line 9 <<<
>>> sudoers file: syntax error, line 19 <<<
>>> sudoers file: syntax error, line 20 <<<
>>> sudoers file: syntax error, line 21 <<<
sudo: parse error in /opt/sudo/etc/sudoers/sudoers near line 9
$
0 Kudos
Reply
Kiran Kumar Aekabote
Frequent Advisor

‎06-04-2003 12:23 AM

‎06-04-2003 12:23 AM

Re: SUDO

Hi Ashan

U have to edit the sudoers file using /opt/sudo/sbin/visudo. when u run the above command it will edit sudoers and give the user "bb" in user previlages as
bb ALL=ALL or
bb ALL=/usr/sbin/mount,/usr/sbin/umount,/usr/bin/su ( and many more )
In user aliases u have to specify the =bb
Save the file.
for /opt/sudo/sbin/sudo file set "set uid bit" like
chmod u+s /opt/sudo/sbin/sudo
To execute the commands as sudo user u have to type the command as /opt/sudo/sbin/sudo
ex. /opt/sudo/sbin/sudo /usr/bin/su
For the first time when u execute the command it will asks for the password confirmation of the user( i.e. bb) after submition, the command will be executed. The default duration for the session is 5 min. This can be changed or u can set without password while editing the visudoers file

for more info see the man page

Good Luck.
Kiran
You Just can't beat ME
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-04-2003 05:01 AM

‎06-04-2003 05:01 AM

Re: SUDO

There are syntax errors in your sudoers file.

Hosti_Alias LAN = 168.232.1.250/255.255.255.0

should be

Host_Alias LAN = 168.232.1.250/255.255.255.0


Cmnd_Alias FILEUTILS = /usr/bin/ll, /usr/bin/moun, /usr/bin/umount, /usr/bin/shutdown -ry 0


/usr/bin/moun should be /usr/bin/mount


Be sure to edit the sudoers file with visudo. This will perform syntax checks on your file and help you correct problems with it before saving it.
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎06-04-2003 05:01 AM

‎06-04-2003 05:01 AM

Re: SUDO

There are syntax errors in your sudoers file.

Hosti_Alias LAN = 168.232.1.250/255.255.255.0

should be

Host_Alias LAN = 168.232.1.250/255.255.255.0


Cmnd_Alias FILEUTILS = /usr/bin/ll, /usr/bin/moun, /usr/bin/umount, /usr/bin/shutdown -ry 0


/usr/bin/moun should be /usr/bin/mount


Be sure to edit the sudoers file with visudo. This will perform syntax checks on your file and help you correct problems with it before saving it.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.