LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-04-2009, 04:15 AM   #1
PMP
Member
 
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381

Rep: Reputation: 58
Sudo Access


Hi have created a entry in sudoers for a specific user for some commnads,
My requirements is that the user should be on localhost to run these sudo access commands
I don't want to allow the user to ssh to the machine and run these sudo commands form ssh.

I.e a user will be able to run these sudo access commands only when he has the physical access to the machine not via ssh.

Is there any way i can do it.
 
Old 05-04-2009, 04:22 AM   #2
linterrogate
LQ Newbie
 
Registered: Mar 2008
Distribution: debian
Posts: 8

Rep: Reputation: 0
Quote:
Originally Posted by PMP View Post
Hi have created a entry in sudoers for a specific user for some commnads,
My requirements is that the user should be on localhost to run these sudo access commands
I don't want to allow the user to ssh to the machine and run these sudo commands form ssh.

I.e a user will be able to run these sudo access commands only when he has the physical access to the machine not via ssh.

Is there any way i can do it.
One not very scalable solution is wrapping the sudo command with a filter of your own
 
Old 05-04-2009, 04:28 AM   #3
PMP
Member
 
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381

Original Poster
Rep: Reputation: 58
But how will i identify the user is via ssh or localhost.
 
Old 05-04-2009, 04:42 AM   #4
linterrogate
LQ Newbie
 
Registered: Mar 2008
Distribution: debian
Posts: 8

Rep: Reputation: 0
Quote:
Originally Posted by PMP View Post
But how will i identify the user is via ssh or localhost.
simplest, I assume, is who --ips or so. Nicer would be to dig it out of /proc, but I have not done that
 
Old 05-04-2009, 07:06 AM   #5
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,652

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Test SSH_CLIENT or SSH_CONNECTION
 
Old 05-04-2009, 07:28 AM   #6
vectordrake
Senior Member
 
Registered: Nov 2003
Location: NB,Canada
Distribution: Something alpha or beta, binary or source...
Posts: 2,280
Blog Entries: 4

Rep: Reputation: 47
Do you want to be able to be root yourself via ssh? Is it this specific user that you don't want to provide root access to when logging remotely?

You can control access in /etc/ssh/sshd_config
 
Old 05-04-2009, 08:08 AM   #7
PMP
Member
 
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381

Original Poster
Rep: Reputation: 58
I have already edited the file to stop everybody except user X to ssh to the machine, now i want user X to be able to run commands only when it is logged in on the machine directly no by ssh or any other thing
 
Old 05-04-2009, 08:19 AM   #8
vectordrake
Senior Member
 
Registered: Nov 2003
Location: NB,Canada
Distribution: Something alpha or beta, binary or source...
Posts: 2,280
Blog Entries: 4

Rep: Reputation: 47
I haven't had the need to do this, but why not:



Code:
DenyGroups sudoers
in /etc/ssh/sshd_config

This should deny the sudoers group, but still allow someone who is in wheel to "su" to root.

Last edited by vectordrake; 05-04-2009 at 08:20 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo access depam Linux - Newbie 1 02-03-2008 07:56 AM
How to use sudo access in GUI Rustylinux Linux - Newbie 17 01-04-2008 01:04 AM
how to provide sudo access mokku Linux - Newbie 1 09-12-2007 03:09 PM
Please help. Sudo access problem gneeot Ubuntu 5 11-17-2006 12:51 PM
Sudo access to particular directories angrybeaver Linux - Software 0 09-23-2004 02:39 AM


All times are GMT -5. The time now is 12:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration