1839158 Members
3076 Online
110136 Solutions
New Discussion

Re: SUDO rights

 
SOLVED
Go to solution
praveen..
Super Advisor

SUDO rights

Hi,
I need to give root preveliages to one user "db2root".

How to enable sudo for this user in RHEL.

Please suggest

thanks
12 REPLIES 12
Alexander Chuzhoy
Honored Contributor
Solution

Re: SUDO rights

as root run visudo.
The add a line to the end of the file:
db2root ALL=(ALL) ALL


save and close.
Not db2root can execute any command by running:
sudo
By default he'll be prompted for his password, which can also be eliminated.
Vitaly Karasik_1
Honored Contributor

Re: SUDO rights

first at all, you should decide which command[s] this user should be able to run as root.

and for configuring sudo itself - see http://www.onlamp.com/lpt/a/2680
praveen..
Super Advisor

Re: SUDO rights

Thanks

can you please let me know

from which file i can get the list of command which db2root user runs using sudo

it is not showing in /var/log/sudo.log & /var/log/messages

Thanks
Vitaly Karasik_1
Honored Contributor

Re: SUDO rights

IIRC, it should be under /var/log/messages or /var/log/security
Alexander Chuzhoy
Honored Contributor

Re: SUDO rights

Executed command are listed in /var/log/secure.
You can also configure the sudo the send you an e-mail for each sudo execution.
praveen..
Super Advisor

Re: SUDO rights

hi,
thank you very much. can you please let me know how to configure the sudo the send me an e-mail for each sudo execution.

This will be very helpful for me for monitoring purpose

Thanks
Alexander Chuzhoy
Honored Contributor

Re: SUDO rights

Add the following line to /etc/sudoers (run visudo to edit):
Defaults:ALL mailto="email_address@domain",mail_always
praveen..
Super Advisor

Re: SUDO rights

Hi Alex,
This entry is sending me the email after each command

is it possible that can i get the list of command which were run in last 24 hours in 1 mail.


Thanks
Alexander Chuzhoy
Honored Contributor

Re: SUDO rights

you can create a crontab entry that will run on a daily basis and send you an e-mail with the output of `grep sudo /var/log/secure`.
praveen..
Super Advisor

Re: SUDO rights

Hi Alex,

But the output of `grep sudo /var/log/secure` will be all days,

I want just for the last 24 hours on daily basis.

Thanks
Alexander Chuzhoy
Honored Contributor

Re: SUDO rights

AFAIK,all entries in log file include dates.
So the script, which will be executed at 00:00 for example, based on current date, should calculate the previous date and send you the output of :
`cat /var/log/secure|grep sudo |grep $previous_date`.

If no one will provide you with such script example-I'll try post it as soon as I'll get to Linux machine...
Ivan Ferreira
Honored Contributor

Re: SUDO rights

You can also force logrotate to rotate daily the /var/log/secure file.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?