LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-10-2009, 06:44 AM   #1
coolinux
LQ Newbie
 
Registered: Aug 2009
Posts: 10

Rep: Reputation: 0
Need Suggestions on Sudo on RHEL 5


Hi All,

I need information on sudo, well coming to the point, I have a user named user1, and I want to assing him few privileges, that is I want him to assign few commands so that he can execute the commands in my absence.

I have opened the suoders file with visudo, however, when I did some googling, I found that (username ALL=ALL), but I don't want to assign him the root privileges, instead I want to assign him only few commands, say like creating a parition using fdisk and all.

What I know: I understand that I need to search the path of the particular command(which fdisk)and put it into visudo file, however, what i want to know is where and how to (syntax) insert the line in the sudoers file.

Any and all suggestions will be appreciated.

Thanks....
 
Old 10-10-2009, 06:54 AM   #2
eth1
Member
 
Registered: May 2008
Posts: 97

Rep: Reputation: 20
The syntax of the file is pretty explanatory,

Quote:
user MACHINE=COMMANDS
So if the username is 'eth1' and you want to provide access to the command /sbin/mount to the user then,
Quote:
eth1 ALL=/sbin/mount
 
Old 10-10-2009, 06:58 AM   #3
~sHyLoCk~
Senior Member
 
Registered: Jul 2008
Location: /dev/null
Posts: 1,173
Blog Entries: 12

Rep: Reputation: 129Reputation: 129
Example:
Quote:
username ALL=NOPASSWD: /sbin/fdisk
Find out the path of command using

which fdisk or etc..
 
Old 10-10-2009, 10:16 AM   #4
tommylovell
Member
 
Registered: Nov 2005
Distribution: Fedora, Redhat
Posts: 372

Rep: Reputation: 101Reputation: 101
You can also split the specifications up using User_Alias and Cmnd_Alias to make it a little easier to organize.
Here is a contrived example for ya'.

Code:
### User Aliases

## This is a list of users that have the ability to sudo the same commands.
User_Alias    USERLST1=user1,user2

## This group has the ability to sudo the same commands.
## 'webadmgp' is a primary or secondary group that some of your users have.
User_Alias    WEBGROUP=%webadmgp


### Command Aliases

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Webadmin
Cmnd_Alias WEBADMIN = /etc/rc.d/init.d/httpd


### The Commands Section

## The USERLST1 users (user1 and user2) can sudo all the commands listed in Cmnd_Alias STORAGE.
## They don't need to enter a password.

USERLST1 ALL=NOPASSWD: STORAGE

## The WEBGROUP users (every user that has 'webadmgp' as a primary or secondary group)
## can sudo all of the commands listed in the NETWORKING an WEBADMIN Cmnd_Alias lists.
## They don't need to enter a password either.

WEBGROUP ALL=NOPASSWD: NETWORKING,WEBADMIN
Where things go doesn't seem to be important.

When you save the file, 'visudo' will tell you if you have a syntax error or some inconsistancy.

And be careful if you cut and paste into the file. If you cut a single long line that has wrapped on your screen, it'll paste in as multiple lines. When you file, 'visudo' will complain...

Last edited by tommylovell; 10-10-2009 at 10:24 AM. Reason: addl. info
 
Old 10-11-2009, 08:33 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
Syntax:
user machine=(runas) cmds

runas = user to run cmd as; you don't always want the root user.
http://linux.die.net/man/5/sudoers
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
Sudo upgrade for RHEL to support Ldap ciphyre Red Hat 6 12-08-2008 06:44 PM
RHEL AS 4.7: wiki suggestions? anomie Linux - Server 2 10-09-2008 03:37 PM
looking for tips, suggestions& ideas on RAID with RHEL musicbrio Linux - Hardware 1 09-13-2007 03:33 PM


All times are GMT -5. The time now is 09:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration