Mehmood Ansari
Frequent Advisor

sudo

Hi

My previous problem was with restricted SAM; now I am trying to do the same things with sudo.
Now I want to give control to user=OPER to reboot the system, take backups, etc.

What parameters shall I define in /usr/local/etc/sudo/sudoers? Please help me.
9 REPLIES 9
Jose Mosquera
Honored Contributor

Re: sudo

Hi,

Use "visudo" command to customize users permissions. Pls create any needed command aliases (Cmnd_Alias). i.e:
Cmnd_Alias FBACKUP=/usr/sbin/fbackup
Cmnd_Alias FRECOVER=/usr/sbin/frecover
Cmnd_Alias SDOWN=/usr/sbin/shutdown

Also you could define your Host alias specification, i.e:
Host_Alias MYHOSTS=

Then define users or a group that groups several users with the same profile, i.e.:
#cat /etc/group
operators::999:oper_day,oper_night

Again with "visudo" you must define the group execution permissions:

%operators MYHOSTS=NOPASSWD: FBACKUP, FRECOVER, SDOWN

This is a possible option that you have with sudo.

Rgds.
Mehmood Ansari
Frequent Advisor

Re: sudo

Hi Jose

Thanks for your guidance, but I still have a problem. I am sending you the attachment; could you please check and find out where I am making an error?

Thanks
Jose Mosquera
Honored Contributor

Re: sudo

Hi again,

Pls try the following post-installations steps:
#chmod 4111 /usr/local/sbin/sudo
#ls -l /usr/local/sbin/sudo
---x--x--x 1 root root 77824 May 8 2002 /usr/local/sbin/sudo

Ensure that the sudo binary paths are included in the /etc/PATH file. In my case the "sudo" binary files have been installed into /opt/sudo/bin and /opt/sudo/sbin, so I have included these paths at the end of the current path list (each path must be separated by a ":" char).

Same for the man files. In my case the man files are installed into the /opt/sudo/man directory, so I've included this path in the /etc/MANPATH file.

After this, log out and log in again. You must execute visudo without a path reference. A useful command to verify the auto-search execution feature is the "whence" command. If you need to check it, run "whence visudo", and the new path must be displayed.

Rgds.
Jose Mosquera
Honored Contributor

Re: sudo

Hi,

After that, you must also have the man files for sudo available.

#man sudo
#man visudo
#man sudoers

Rgds.
Mehmood Ansari
Frequent Advisor

Re: sudo

Hi Jose
I am still stuck. Permission is OK. I added to the /etc/PATH file:
:/usr/local/bin/sudo
:/usr/local/etc/sudo
I did not add anything to /etc/MANPATH; I can see:
man sudo
man visudo
man sudoers

I logged out and in again and tried to auto-search with 'whence visudo', but I could not see any path displayed.

Thanks
Victor BERRIDGE
Honored Contributor

Re: sudo

Hi,
You will find visudo in /usr/local/sbin...

All the best

Victor
Marlou Everson
Trusted Contributor

Re: sudo

To reboot the system, you may find that setting up an /etc/shutdown.allow file meets your needs more easily than sudo. Do a man 1m shutdown and look under the FILES section.

Just remember then that you need to do a cd / before doing shutdown.

Also, I have found that if DNS is not working/available, it cannot validate the hostname in shutdown.allow and even root may not be able to shut down the system. Then you just rename (mv) the shutdown.allow file.

Marlou
Sridhar Bhaskarla
Honored Contributor

Re: sudo

Hi,

---x--x--x 1 root root 114688 Oct 15 2003 sudo

Your permissions are still not correct. They should be ---s--x--x. Note the setuid bit.

Do

chmod 4111 sudo

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Mehmood Ansari
Frequent Advisor

Re: sudo

Hi

These are the paths. Where should I apply chmod 4111: sudo or visudo?

./usr/local/man/man1m/sudo.1m
./usr/local/man/man1m/visudo.1m
./usr/local/man/man4/sudoers.4
./usr/local/bin/sudo
./usr/local/etc/sudo
./usr/local/etc/sudo/sudoers
./usr/local/doc/sudo
./usr/local/doc/sudo/BUGS
./usr/local/doc/sudo/CHANGES
./usr/local/doc/sudo/HPUX.Install
./usr/local/doc/sudo/INSTALL
./usr/local/doc/sudo/LICENSE
./usr/local/doc/sudo/README
./usr/local/doc/sudo/TODO
./usr/local/sbin/visudo
./var/adm/sw/products/sudo
./var/adm/sw/products/sudo/pfiles
./var/adm/sw/products/sudo/pfiles/INFO
./var/adm/sw/products/sudo/pfiles/INDEX
./var/adm/sw/products/sudo/sudo-RUN
./var/adm/sw/products/sudo/sudo-RUN/INFO
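
An added example, not part of any post in this thread: a POSIX sh script that checks for the two faults discussed above, PATH entries that are not directories (so "whence visudo" finds nothing) and a sudo binary without the setuid bit. The function names and the temporary demo tree are hypothetical; the tree is constructed to mirror the file listing above.

```sh
#!/bin/sh
# Added example (not from the thread): checks for the PATH and setuid faults discussed.

# Print each entry of a colon-separated path list that is not a directory.
bad_path_entries() {
    old_ifs=$IFS; IFS=:
    for entry in $1; do
        if [ -n "$entry" ] && [ ! -d "$entry" ]; then printf '%s\n' "$entry"; fi
    done
    IFS=$old_ifs
}

# Print the first directory in list $2 holding an executable file named $1
# (what "whence" would resolve); return 1 if no entry does.
find_in_path() {
    old_ifs=$IFS; IFS=:
    for entry in $2; do
        if [ -f "$entry/$1" ] && [ -x "$entry/$1" ]; then
            IFS=$old_ifs; printf '%s\n' "$entry"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Succeed only if $1 is a regular file with the setuid bit set (---s--x--x).
has_setuid() { [ -f "$1" ] && [ -u "$1" ]; }

# Print the numeric owner of $1; a working sudo binary must report 0 (root).
file_uid() { ls -ldn "$1" | awk '{print $3}'; }

# Constructed demo tree (temporary, hypothetical) mirroring the listed layout.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/bin" "$demo/sbin" "$demo/etc/sudo"
: > "$demo/bin/sudo"; : > "$demo/sbin/visudo"
chmod 0111 "$demo/bin/sudo" "$demo/sbin/visudo"
tried="$demo/bin/sudo:$demo/etc/sudo"   # shaped like the entries added to /etc/PATH
fixed="$demo/bin:$demo/sbin"            # the directories that hold the binaries

echo "entries that are not directories:"; bad_path_entries "$tried"
find_in_path visudo "$tried" || echo "visudo: not found via the tried entries"
echo "visudo found in: $(find_in_path visudo "$fixed")"
has_setuid "$demo/bin/sudo" || echo "sudo: setuid bit missing (---x--x--x)"
chmod 4111 "$demo/bin/sudo"
has_setuid "$demo/bin/sudo" && echo "sudo: setuid bit set (---s--x--x)"
```

On a real host, pass the contents of /etc/PATH to bad_path_entries and run has_setuid and file_uid against the installed sudo binary.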