Sudoers Question

Sam Lalonde · ‎01-21-2003

I have production and development boxes in my environment. I want to setup sudoers so that users can have different sudo capabilities for production and development. For example, say my production boxes are dog and cat, and my development boxes are mouse and bird, how do I set it up so that the user john can do command1 in production and command2 in development. Also assume pat can do command1 and command2 in both environments. Is this correct?

Host_Alias PROD=dog,cat
Host_Alias DEV=mouse,bird
pat ALL=command1,command2
john PROD=command1
john DEV=command2

Do I make 2 separate entries for john, or does it look more like:

Host_Alias PROD=dog,cat
Host_Alias DEV=mouse,bird
pat ALL=command1,command2
john PROD=command1 DEV=command2

I'm just not sure on the formatting, any help would be appreciated.

fg_1 · ‎01-21-2003

2 seperate entries are needed. Here is an example of our sudoers file.

#
# /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

##
# User alias specification
##
User_Alias OPERATORS = %uxsysopr
User_Alias SYSADMINS = %uxsysadm
User_Alias BAKADMINS = %uxbakadm

##
# Runas alias specification
##
Runas_Alias ROOT = root

##
# Cmnd alias specification
##

Cmnd_Alias MOUNT_CDROM = /opt/CHS/root/bin/mount_cdrom
Cmnd_Alias UNMOUNT_CDROM = /opt/CHS/root/bin/unmount_cdrom
Cmnd_Alias CREATE_BOOT_TAPE = /opt/CHS/root/bin/create_boot_tape
Cmnd_Alias DISKINFO = /usr/sbin/diskinfo

##
# Override builtin defaults
##
Defaults syslog=auth
Defaults !lecture
Defaults mail_no_perms

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL

# operator may run
OPERATORS ALL = (ROOT) MOUNT_CDROM, UNMOUNT_CDROM, CREATE_BOOT_TAPE
SYSADMINS ALL = (ROOT) MOUNT_CDROM, UNMOUNT_CDROM, CREATE_BOOT_TAPE, DISKINFO
BAKADMINS ALL = (ROOT) DISKINFO

Sridhar Bhaskarla · ‎01-21-2003

Hi,

You can seperate them using :

john PROD=command1:DEV=command2

-Sri

You may be disappointed if you fail, but you are doomed if you don't try

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Sudoers Question

Sudoers Question

Re: Sudoers Question

Re: Sudoers Question