Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
05-04-2009, 03:15 AM
|
#1
|
|
Member
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381
Rep: 
|
Sudo Access
Hi have created a entry in sudoers for a specific user for some commnads,
My requirements is that the user should be on localhost to run these sudo access commands
I don't want to allow the user to ssh to the machine and run these sudo commands form ssh.
I.e a user will be able to run these sudo access commands only when he has the physical access to the machine not via ssh.
Is there any way i can do it.
|
|
|
|
|
05-04-2009, 03:22 AM
|
#2
|
|
LQ Newbie
Registered: Mar 2008
Distribution: debian
Posts: 8
Rep: 
|
Quote:
Originally Posted by PMP
Hi have created a entry in sudoers for a specific user for some commnads,
My requirements is that the user should be on localhost to run these sudo access commands
I don't want to allow the user to ssh to the machine and run these sudo commands form ssh.
I.e a user will be able to run these sudo access commands only when he has the physical access to the machine not via ssh.
Is there any way i can do it.
|
One not very scalable solution is wrapping the sudo command with a filter of your own |
|
|
|
|
05-04-2009, 03:28 AM
|
#3
|
|
Member
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381
Original Poster
Rep:
|
But how will i identify the user is via ssh or localhost.
|
|
|
|
|
05-04-2009, 03:42 AM
|
#4
|
|
LQ Newbie
Registered: Mar 2008
Distribution: debian
Posts: 8
Rep:
|
Quote:
Originally Posted by PMP
But how will i identify the user is via ssh or localhost.
|
simplest, I assume, is who --ips or so. Nicer would be to dig it out of /proc, but I have not done that |
|
|
|
|
05-04-2009, 06:06 AM
|
#5
|
|
Senior Member
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,474
|
Test SSH_CLIENT or SSH_CONNECTION
|
|
|
|
|
05-04-2009, 06:28 AM
|
#6
|
|
Senior Member
Registered: Nov 2003
Location: NB,Canada
Distribution: Something alpha or beta, binary or source...
Posts: 2,280
Rep:
|
Do you want to be able to be root yourself via ssh? Is it this specific user that you don't want to provide root access to when logging remotely?
You can control access in /etc/ssh/sshd_config
|
|
|
|
|
05-04-2009, 07:08 AM
|
#7
|
|
Member
Registered: Apr 2009
Location: ~
Distribution: RHEL, Fedora
Posts: 381
Original Poster
Rep:
|
I have already edited the file to stop everybody except user X to ssh to the machine, now i want user X to be able to run commands only when it is logged in on the machine directly no by ssh or any other thing
|
|
|
|
|
05-04-2009, 07:19 AM
|
#8
|
|
Senior Member
Registered: Nov 2003
Location: NB,Canada
Distribution: Something alpha or beta, binary or source...
Posts: 2,280
Rep:
|
I haven't had the need to do this, but why not:
in /etc/ssh/sshd_config
This should deny the sudoers group, but still allow someone who is in wheel to "su" to root.
Last edited by vectordrake; 05-04-2009 at 07:20 AM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 04:02 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
