LinuxQuestions.org
Old 06-05-2009, 10:16 PM   #1
saagar
Query on SUDO


Friends,

Cmnd_Alias MOUNT=/bin/mount,/bin/umount
User_Alias TECH=saagar,rajesh
TECH ALL=MOUNT

Here, what is the use of ALL? It says any hosts, but the sudo concept is limited to the local host, is it not?

Thank you.
 
Old 06-06-2009, 02:24 AM   #2
blacky_5251
Yes and no. The application of sudo is limited to the current machine, but the sudoers file is designed to be centrally maintained and replicated (not as in RDBMS replication, but as in scp or rsync replication) to all servers in your organisation.

You can define rules that apply to certain servers only by putting the appropriate names in the sudoers file. This file can then be propagated to many machines, but the permissions will only be applicable to certain ones.

Did I explain this well enough for you?
 
Old 06-06-2009, 11:39 PM   #3
saagar
Let me put it down this way from what I have understood from you.


From my above example:

1. Let system A be an NIS/LDAP server. In system A, I logged in as root and configured /etc/sudoers such that rajesh and saagar become sudo users.

2. I go to system B, scp the /etc/sudoers file of System A to System B, so that next time rajesh or saagar logs in to system B, they can run those sudo commands.

Since there is an ALL directive there, they can run the command. If <Hostname> were there instead of ALL, it would not have been possible for them to run those sudo commands... am I right?

I hope I got it right.

Last edited by saagar; 06-06-2009 at 11:41 PM.
 
Old 06-07-2009, 01:00 AM   #4
blacky_5251
Yep, you got it. You could give them access to specific commands on specific systems by using the server names instead of ALL.

The goal is a centrally maintained sudoers file, which can live on all machines and only grant access to appropriate users on appropriate machines.
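
As an added illustration (not part of any post in this thread), the Python sketch below models a small subset of sudoers matching to show how one centrally maintained file grants different rights depending on which machine evaluates it. The host names sysA and sysB, the DBSERVERS alias and the fdisk rule are assumptions; real sudo also handles negation, last-match ordering, Runas specs and tags, which are omitted here.

```python
import fnmatch

# Constructed sample: the thread's rule plus a host-restricted one.
# sysA, sysB, DBSERVERS and the fdisk rule are assumptions for illustration.
SUDOERS = """
Cmnd_Alias MOUNT=/bin/mount,/bin/umount
User_Alias TECH=saagar,rajesh
Host_Alias DBSERVERS=sysB
TECH ALL=MOUNT
rajesh DBSERVERS=/sbin/fdisk
"""

def parse(text):
    """Parse a subset of sudoers: *_Alias lines and 'who hosts=cmds' rules."""
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        left, right = (part.strip() for part in line.split("=", 1))
        items = [item.strip() for item in right.split(",")]
        words = left.split()
        if words[0].endswith("_Alias"):
            aliases[words[1]] = items           # alias name -> members
        else:
            rules.append((words[0], words[1].split(","), items))
    return aliases, rules

def matches(value, names, aliases):
    """True if value matches a listed name, an alias member, or ALL."""
    for name in names:
        for member in aliases.get(name, [name]):
            if member == "ALL" or fnmatch.fnmatchcase(value, member):
                return True
    return False

def allowed(user, host, command, text=SUDOERS):
    """Would this file, copied unchanged to `host`, let `user` run `command`?"""
    aliases, rules = parse(text)
    return any(
        matches(user, [who], aliases)
        and matches(host, hosts, aliases)       # the field the thread asks about
        and matches(command, cmds, aliases)
        for who, hosts, cmds in rules
    )
```

On a real system, `visudo -c -f <file>` checks the syntax of a sudoers file before it is copied out, and `sudo -l -U <user>` run on each machine shows what that machine actually grants.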
 
Old 06-07-2009, 10:51 PM   #5
saagar
Thanks a lot for your time.
 
  


All times are GMT -5. The time now is 02:10 AM.
