LinuxQuestions.org


PMP 05-04-2009 04:15 AM

Sudo Access
 
Hi, I have created an entry in sudoers for a specific user for some commands.
My requirement is that the user should be on localhost to run these sudo access commands.
I don't want to allow the user to ssh to the machine and run these sudo commands from ssh.

I.e. a user will be able to run these sudo access commands only when he has physical access to the machine, not via ssh.

Is there any way I can do it?

linterrogate 05-04-2009 04:22 AM

Quote:

Originally Posted by PMP (Post 3529231)
Hi, I have created an entry in sudoers for a specific user for some commands.
My requirement is that the user should be on localhost to run these sudo access commands.
I don't want to allow the user to ssh to the machine and run these sudo commands from ssh.

I.e. a user will be able to run these sudo access commands only when he has physical access to the machine, not via ssh.

Is there any way I can do it?

One not very scalable solution is wrapping the sudo command with a filter of your own.

PMP 05-04-2009 04:28 AM

But how will I identify whether the user is via ssh or localhost?

linterrogate 05-04-2009 04:42 AM

Quote:

Originally Posted by PMP (Post 3529240)
But how will I identify whether the user is via ssh or localhost?

Simplest, I assume, is who --ips or so. Nicer would be to dig it out of /proc, but I have not done that.

AlucardZero 05-04-2009 07:06 AM

Test SSH_CLIENT or SSH_CONNECTION
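
Added example, not part of any post in this thread: a sketch of the wrapper idea combined with the SSH_CLIENT / SSH_CONNECTION test suggested above. The function names, `local_sudo` and the overridable `PROC_ROOT` are assumptions for illustration; because a user can unset the SSH variables in their own shell, it also walks the process ancestry in /proc looking for sshd.

```shell
#!/usr/bin/env bash
# Decide whether the current session arrived over SSH before handing off to sudo.
# PROC_ROOT is overridable (assumption) so the logic can be run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# True if any of the variables sshd exports into a session is set.
ssh_env_present() {
    [ -n "${SSH_CONNECTION:-}${SSH_CLIENT:-}${SSH_TTY:-}" ]
}

# Print the parent PID of $1, read from <proc>/<pid>/stat.
# The comm field may contain spaces or ')', so cut at the last ") ".
parent_pid() {
    local stat rest
    stat=$(cat "$PROC_ROOT/$1/stat" 2>/dev/null) || return 1
    rest=${stat##*") "}
    set -- $rest          # $1 = state, $2 = ppid
    echo "$2"
}

# True if $1 or any of its ancestors is an sshd process.
has_sshd_ancestor() {
    local pid=$1 comm
    while [ -n "$pid" ] && [ "$pid" -gt 1 ] 2>/dev/null; do
        comm=$(cat "$PROC_ROOT/$pid/comm" 2>/dev/null) || return 1
        case $comm in
            sshd|sshd-*) return 0 ;;   # sshd-* covers sshd-session
        esac
        pid=$(parent_pid "$pid") || return 1
    done
    return 1
}

# Remote if either signal fires; $1 defaults to this shell's PID.
is_remote_session() {
    ssh_env_present || has_sshd_ancestor "${1:-$$}"
}

# Hypothetical wrapper entry point: refuse over SSH, otherwise run the real sudo.
local_sudo() {
    if is_remote_session; then
        echo "local_sudo: refused, session came in over SSH" >&2
        return 1
    fi
    command sudo "$@"
}
```

A wrapper of this kind is a check the user's shell cooperates with; it does not by itself stop a direct call to the real sudo binary.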

vectordrake 05-04-2009 07:28 AM

Do you want to be able to be root yourself via ssh? Is it this specific user that you don't want to provide root access to when logging in remotely?

You can control access in /etc/ssh/sshd_config

PMP 05-04-2009 08:08 AM

I have already edited the file to stop everybody except user X from ssh-ing to the machine. Now I want user X to be able to run commands only when it is logged in on the machine directly, not by ssh or any other thing.

vectordrake 05-04-2009 08:19 AM

I haven't had the need to do this, but why not:



Code:

DenyGroups sudoers
in /etc/ssh/sshd_config

This should deny the sudoers group, but still allow someone who is in wheel to "su" to root.

