sudo'ers, I need help!

sudo'ers, I need help!

[Benjamin Walkenhorst]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,

I use SuSE Linux 7.3 Professional (with linux-2.4.20 + cryptoapi and 
cryptoloop patches) on a Pentium III 450 with 256 MB of RAM. It is a single 
machine, no local network, just the ISDN adapter for internet. 
Being both the only user and the administrator, I use a non-root account for 
everyday work and mostly su to root, if I need root privileges. But often 
there is just a single command I want to run or a single file I want to edit 
(like building a new kernel and re-running /sbin/lilo or editing /etc/fstab), 
and I am aware of the sudo command allowing users to run a command with root 
privileges without having to authentify as root and avoiding the risks of 
suid-bits. For users to run sudo <command>, root has to edit /etc/sudoers and 
add an entry like "user_X is allowed to run command_y as root. 

But I don't know about the file format: there is a manpage on this file, but 
I didn't find it to be any help. 
Can anyone explain this file to me? Give some nice examples, maybe? Or tell 
me if there is some kind of HOWTO? If found a German introduction, but I 
still don't know how to do this. ;-( 
What I want to learn is allow userX to run some commands like vi, make, cp, 
lilo, mount, ... as root. 
SUID is not what I want, since I do not always want to run these commands as 
root, just sometimes. 

Or might sudo not be what I am looking for?

Thank you very much,

Kind regards,

Benjamin Walkenhorst

- -- 
"Der Hoffnung beraubt sein,
 heiflt noch nicht - verzweifeln."
(Albert Camus)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Public Key available at http://www.krylon.de

iD8DBQE/GvEcoYumWdMvhMQRAiCTAJ9SGUDd4uiUh6+sPoYkOch4VukcIQCgibMz
TaXxMj6qodvlbSiV/IK0S3k=
=d3Mx
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: sudo'ers, I need help!

[thomas.wallrafen]

[-- Attachment #1: Type: text/plain, Size: 1003 bytes --]

Hi Benjamin!

Thus spoke Benjamin Walkenhorst:
> Or might sudo not be what I am looking for?

Well, sudo is great for a job like this.
For the case you are the only user who wants to run the /sbin/lilo
command i'd suggest you append the following line to your /etc/sudoers
file (using the visudo command as root):

$USERNAME   $HOSTNAME = (root) /sbin/lilo

Please substitute the user and hostname variables to the appropriate
values of your local configuration.


In the case you want to allow multiple users use one command you have to
define an user-alias, a command alias and, if the command is used on
multiple hosts, a host alias like this:

User_Alias LILO_USERS = user1, user2, ... , usern

Cmnd_Alias LILO_CMND = /sbin/lilo

Host_Alias LILO_HOSTS = hosts1, host2, ..., hostn

LILO_USERS  LILO_HOSTS = (root) LILO_CMND

Note that the /etc/sudoers file is case-sensitive!


regards,

    thomas

-- 
/"\
\ / ASCII ribbon campaign
 X  against HTML-mail
/ \

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Thanks for help!

[Benjamin Walkenhorst]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,

It seems like sudo is not only what I've been looking for, but can be very 
useful for a lot of circumstances.

For now, the answers I got were very helpful, thank you all very much!

Kind regards,

Benjamin

- --
"Der Hoffnung beraubt sein,
 heiflt noch nicht - verzweifeln."
(Albert Camus)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Public Key available at http://www.krylon.de

iD8DBQE/HBB0oYumWdMvhMQRAuVVAJ95dXuSCAOS3yJ1RbWqd8yKqMrRGgCeMnpY
oLM4BbIg6OJ0K4MgY8VGJag=
=Hma5
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: sudo'ers, I need help!

[- Luis -]

Hey there,

i got my workstation running linux, so like you im the root and also the
only user, so i recomend to you edit the sudoers file, to do this you
got to log as root, and make chnmod 640 /etc/sudoers to give write
permissions, and add you user behind root like this:

username ALL=(ALL) NOPASSWD: ALL

or 

username ALL=(ALL) ALL

(change 'username' with your user)

the diference is if you wanto to be ask for you password each time you
use sudo or not.  This is for security reasons, it give the chance to
think twice what you are doing.

save and quit, and dont forget to make chmod 440 /etc/sudoers again.



Le dim 20/07/2003 à 13:44, Benjamin Walkenhorst a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello everybody,
> 
> I use SuSE Linux 7.3 Professional (with linux-2.4.20 + cryptoapi and 
> cryptoloop patches) on a Pentium III 450 with 256 MB of RAM. It is a single 
> machine, no local network, just the ISDN adapter for internet. 
> Being both the only user and the administrator, I use a non-root account for 
> everyday work and mostly su to root, if I need root privileges. But often 
> there is just a single command I want to run or a single file I want to edit 
> (like building a new kernel and re-running /sbin/lilo or editing /etc/fstab), 
> and I am aware of the sudo command allowing users to run a command with root 
> privileges without having to authentify as root and avoiding the risks of 
> suid-bits. For users to run sudo <command>, root has to edit /etc/sudoers and 
> add an entry like "user_X is allowed to run command_y as root. 
> 
> But I don't know about the file format: there is a manpage on this file, but 
> I didn't find it to be any help. 
> Can anyone explain this file to me? Give some nice examples, maybe? Or tell 
> me if there is some kind of HOWTO? If found a German introduction, but I 
> still don't know how to do this. ;-( 
> What I want to learn is allow userX to run some commands like vi, make, cp, 
> lilo, mount, ... as root. 
> SUID is not what I want, since I do not always want to run these commands as 
> root, just sometimes. 
> 
> Or might sudo not be what I am looking for?
> 
> Thank you very much,
> 
> Kind regards,
> 
> Benjamin Walkenhorst
> 
> - -- 
> "Der Hoffnung beraubt sein,
>  heißt noch nicht - verzweifeln."
> (Albert Camus)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (GNU/Linux)
> Comment: Public Key available at http://www.krylon.de
> 
> iD8DBQE/GvEcoYumWdMvhMQRAiCTAJ9SGUDd4uiUh6+sPoYkOch4VukcIQCgibMz
> TaXxMj6qodvlbSiV/IK0S3k=
> =d3Mx
> -----END PGP SIGNATURE-----
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
-- 
- -- 
Luis Valencia
- ------------------------
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
- --Peter J. Schoenster


-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html