Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 03:22 AM
06-15-2003 03:22 AM
Sudo
I Installed sudo and it works wonderfull.
I have one little problem.
I gave a user the option to "kill -9" processes. But he can only "kill -9" his own pids. Anyone knows the corrcet syntax for visudo to let him kill anything but root's pids?
Thank you.
Noa.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 04:40 AM
06-15-2003 04:40 AM
Re: Sudo
You may need to set the 'stay_setuid' parameter in the sudoers file.
Are you using 'runas_spec'? Note this section:
operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT, /usr/oper/bin/
The operator user may run commands limited to simple maintenance. Here, those are commands related to backups, killing processes, the printing system, shutting down the system, and any commands in the directory /usr/oper/bin.
...where the command set described above refers to alias' built within:
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, /usr/sbin/rrestore
Cmnd_Alias KILL = /usr/bin/kill
http://www.sudo.ws/sudo/man/sudoers.html#examples
http://www.sudo.ws/sudo/man/visudo.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 05:48 AM
06-15-2003 05:48 AM
Re: Sudo
Here is the file I'm using.
The kill command works - but only for the same user running it - I mean:
If my user is acadminhd and i'm running
ps -ef |grep acadminhd
and then
kill -9 $$ (where $$ is the pid I foubd on the "ps -ef") - it works.
BUT if my user is acadminhd and I run "ps -ef |grep
and then
kill -9 <$$ of another user> - it doesn't work. I get the "permission denied".
Help ((:
Noa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 04:09 PM
06-15-2003 04:09 PM
Re: Sudo
I would say use Runas_Alias and specify a group of users in it and then use it in declaring the kill command.
Runas_Alias VICTIMS = user1, user2, user3Cmnd_Alias KILLIT = /usr/bin/kill
...
user ALL = (VICTIMS) NOPASSWD: KILLIT
The User 'user' should be able to kill the processes as "VICTIMS" without supplying the password.
Look at the man page of "sudoers" for more information.
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 10:12 PM
06-15-2003 10:12 PM
Re: Sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 10:24 PM
06-15-2003 10:24 PM
Re: Sudo
look up.. (:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2003 11:50 PM
06-15-2003 11:50 PM
Re: Sudo
Is there any way to use a group instead?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2003 10:19 AM
06-16-2003 10:19 AM
Re: Sudo
Add it to your sudoers file.
You can set the script logic to allow a kill -9 of any process if the owner is not root (or whatever)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-16-2003 10:41 AM
06-16-2003 10:41 AM
Re: Sudo
Runas_Alias VICTIMS = %usergroup
user ALL = (VICTIMS) /usr/bin/kill
user%myhost>sudo -u user1 kill 12120
Where 12120 is the pid of the process run by user1 in the group 'usergroup'.
-Sri