LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page limiting sudo
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 03-28-2006, 11:23 AM   #1
chud67
Member
 
Registered: Jul 2004
Location: San Antonio, TX, USA
Posts: 34

Rep: Reputation: 15
limiting sudo

Hi I am familiar with sudo and editing the sudoers file, however I have three questions:

1.) How would I give someone the ability to do everything except one privilege (ex: they can do everything EXCEPT create new users)?

2.) How would I log all the commands they've executed?

3.) How would I make their privileges expire on a certain date?

Thanks.
 
Old 03-28-2006, 11:25 AM   #2
chud67
Member
 
Registered: Jul 2004
Location: San Antonio, TX, USA
Posts: 34

Original Poster
Rep: Reputation: 15
Sorry for posting this in the wrong area. Would a moderator please move this to Linux-General (or the appropriate forum)? Thanks.
 
Old 03-28-2006, 02:35 PM   #3
Blinker_Fluid
Member
 
Registered: Jul 2003
Location: Clinging to my guns and religion.
Posts: 683

Rep: Reputation: 63
I've messed around a little bit with sudo here's what I think...
Quote:
1.) How would I give someone the ability to do everything except one privilege (ex: they can do everything EXCEPT create new users)?
If they can do everything else they can modify the sudoers file to add users. I would recommend restricting commands to only what is needed. In the manual it says you can use a ! to indicate they can't use that command but if you give them everything else it isn't hard to go around it.
Quote:
2.) How would I log all the commands they've executed?
Most my experience is on solaris and sudo commands are logged by default. There are options available to modify how they are logged though
Check out http://www.courtesan.com/sudo/man/sudoers.html for full syntax
Quote:
3.) How would I make their privileges expire on a certain date?
I don't know of anything that would expire privilages, if it were me I would put in on my calendar and do it manually.
 
Old 03-29-2006, 01:08 PM   #4
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475Reputation: 475Reputation: 475Reputation: 475Reputation: 475
As requested, moved to Linux-General
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM
sudo: limiting activity to the localhost Cenobite Linux - Security 4 03-02-2006 11:27 AM
Limiting sudo su -? RickAOTC Linux - Newbie 2 02-01-2006 07:28 AM
limiting the user sophie Linux - Newbie 7 09-05-2003 07:24 PM
Limiting users RedHatter Linux - Security 7 08-30-2002 05:03 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 12:04 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration