LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-05-2008, 05:31 PM   #1
dnoy
Member
 
Registered: Nov 2007
Posts: 69

Rep: Reputation: 15
non-admin using tcpdump and nmap


i am using ubuntu and want my non-admin (non root) users to be able to use tcpdump and nmap.

Can you please help me do this

Last edited by dnoy; 12-05-2008 at 06:23 PM.
 
Old 12-06-2008, 11:21 AM   #2
fordeck
Member
 
Registered: Oct 2006
Location: Utah
Posts: 520

Rep: Reputation: 61
Here is one way to do it. Edit the /etc/sudoers file, but first be warned that it is recommended that you edit this file with a utility called visudo which performs extra validation on the sudoers file to make sure there are no syntax problems. The potential is there to lock a user out of the system otherwise. You could add a line similar to the following:

Code:
 <username> ALL=(root) <path_to_command_here>
Where <username> is the name of your user and <path_to_command_here> is either the path to a single command or a comma separated list of commands. Give that a try and let me know if this was helpful.

Regards,

Fordeck
 
Old 12-06-2008, 11:29 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
You might want to think twice about granting usage in the case of tcpdump like say sniffing usernames and passwords and in the case of nmap users say scanning a whole /8 in "insane" mode. There's ways to mitigate this but it would be good to understand the implications I think.

Last edited by unSpawn; 12-06-2008 at 11:30 AM.
 
Old 12-06-2008, 03:51 PM   #4
dnoy
Member
 
Registered: Nov 2007
Posts: 69

Original Poster
Rep: Reputation: 15
i dont want to make theme part of the sudoers file because that gives them root access. i just want to give non root users the ability to use tcpdump and nmap without having root access.
 
Old 12-06-2008, 04:23 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by dnoy View Post
i dont want to make theme part of the sudoers file because that gives them root access.
Please read up on sudo or elaborate.
 
Old 12-06-2008, 06:14 PM   #6
dnoy
Member
 
Registered: Nov 2007
Posts: 69

Original Poster
Rep: Reputation: 15
i dont want a user to use nmap by issuing 'sudo nmap ...' or being able to use sudo su -. i want an ordinary user to be able to run nmap.

please let me know if you need be to elaborate more?

Thank you
 
Old 12-06-2008, 06:55 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Could supply them with global aliases. However that's still minor compared to the security implications, which you'd rather read over I think.
 
Old 12-06-2008, 09:43 PM   #8
dnoy
Member
 
Registered: Nov 2007
Posts: 69

Original Poster
Rep: Reputation: 15
why cant i just give execute rights to those programs for that user/group? Is it because they use some networking services.

Last edited by dnoy; 12-07-2008 at 12:44 PM.
 
Old 12-10-2008, 05:38 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by dnoy View Post
why cant i just give execute rights to those programs for that user/group?
The point is that those tools require root access rights (capabilities to be more exact) for some reason. Giving unprivileged users more or less unrestricted and unaudited access to those tools may seem a convenient thing to do but it weakens security. And apparently in a way I'm not able to make you fully understand. Of course you may not care.
 
Old 12-10-2008, 07:23 AM   #10
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,232
Blog Entries: 5

Rep: Reputation: 190Reputation: 190
Quote:
Originally Posted by dnoy View Post
i dont want a user to use nmap by issuing 'sudo nmap ...' or being able to use sudo su -. i want an ordinary user to be able to run nmap.

please let me know if you need be to elaborate more?

Thank you
Configuring sudo to grant access to those two applications will NOT grant the user rights to 'sudo su -' unless you really bork the configuration in the sudoers file.
 
Old 12-21-2008, 10:39 AM   #11
dnoy
Member
 
Registered: Nov 2007
Posts: 69

Original Poster
Rep: Reputation: 15
Thank you everyone for all your help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap ? how do i do nmap in linux ? command not found abbasakhtar Linux - Newbie 2 01-02-2011 01:08 AM
LXer: Learn how to use nmap, and nmap GUI, a great port scan tool LXer Syndicated Linux News 0 01-03-2008 09:10 AM
nmap increase send delay for nmap 4.20 matters Slackware 1 10-01-2007 11:37 PM
2K admin now RHEL4 admin (I have some questions) wilsryan Red Hat 5 01-30-2006 12:18 PM
User admin and N/w admin on Gnome hangs ssrini *BSD 2 07-28-2005 07:55 AM


All times are GMT -5. The time now is 03:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration