LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   limiting sudo (http://www.linuxquestions.org/questions/linux-general-1/limiting-sudo-429306/)

chud67 03-28-2006 11:23 AM

limiting sudo
 
Hi I am familiar with sudo and editing the sudoers file, however I have three questions:

1.) How would I give someone the ability to do everything except one privilege (ex: they can do everything EXCEPT create new users)?

2.) How would I log all the commands they've executed?

3.) How would I make their privileges expire on a certain date?

Thanks.

chud67 03-28-2006 11:25 AM

Sorry for posting this in the wrong area. Would a moderator please move this to Linux-General (or the appropriate forum)? Thanks.

Blinker_Fluid 03-28-2006 02:35 PM

I've messed around a little bit with sudo here's what I think...
Quote:

1.) How would I give someone the ability to do everything except one privilege (ex: they can do everything EXCEPT create new users)?
If they can do everything else they can modify the sudoers file to add users. I would recommend restricting commands to only what is needed. In the manual it says you can use a ! to indicate they can't use that command but if you give them everything else it isn't hard to go around it.
Quote:

2.) How would I log all the commands they've executed?
Most my experience is on solaris and sudo commands are logged by default. There are options available to modify how they are logged though
Check out http://www.courtesan.com/sudo/man/sudoers.html for full syntax
Quote:

3.) How would I make their privileges expire on a certain date?
I don't know of anything that would expire privilages, if it were me I would put in on my calendar and do it manually.

XavierP 03-29-2006 01:08 PM

As requested, moved to Linux-General


All times are GMT -5. The time now is 05:25 PM.