LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-24-2008, 02:05 AM   #1
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Rep: Reputation: 102Reputation: 102
Question sudo access to few binaries ??


Hi ALl,

I am using RHEL 4. I need to give sudo access to few binaries say /usr/bin/chroot , /usr/bin/umount etc to a normal user say vikas.

How can I achieve this ?

What I understood reading manuals and conf files is that I need to modify /etc/sudoers file somewhat in this way....

Code:
Host_Alias      HOME = linux, linux.example.so.com
User_Alias      ABC = vikas
Cmnd_Alias      ABCD = /usr/bin/chroot, /usr/bin/umount
ABC             HOME = NOPASSWD: ABCD

I guess after making the above changes, I can use above commands as

sudo /usr/bin/chroot
and
sudo /usr/bin/umount


Pls help. I guess I am somewhere near.

THanks in adv.
VIKAS
 
Old 07-24-2008, 03:01 AM   #2
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Original Poster
Rep: Reputation: 102Reputation: 102
Can we also use the below line to give sudo access to directories ?? That is all binary files which are in these directories.

say /usr/sbin/ and /applications/meas/bin/


Code:
tuxedo  ALL= /usr/sbin/, /applications/meas/bin/
 
Old 07-27-2008, 09:05 PM   #3
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Original Poster
Rep: Reputation: 102Reputation: 102
People Pls Help !!!!
 
Old 07-27-2008, 10:13 PM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 61
What problem are you facing?

What is the reason for allowing chroot ?

You can't grant/deny access to a directory via sudo the way you are attempting. You can allow a user to run commands that are within a given directory.

Last edited by Mr. C.; 07-27-2008 at 11:07 PM.
 
Old 07-27-2008, 10:23 PM   #5
flower.Hercules
Member
 
Registered: Aug 2005
Distribution: Gentoo
Posts: 228

Rep: Reputation: 31
Quote:
Originally Posted by vikas027 View Post
Can we also use the below line to give sudo access to directories ?? That is all binary files which are in these directories.

say /usr/sbin/ and /applications/meas/bin/


Code:
tuxedo  ALL= /usr/sbin/, /applications/meas/bin/
I believe you can use wildcards in the sudoer configure. Something like this might do:

Code:
tuxedo ALL = NOPASSWD: /usr/sbin/*, /applications/meas/bin/*
Otherwise, for straight binary access to select commands:

Code:
tuxedo ALL = NOPASSWD: /usr/bin/umount
should do the trick.

Let us know if it works out for you!
 
Old 07-28-2008, 12:17 AM   #6
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Original Poster
Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by Mr. C. View Post
What problem are you facing?

What is the reason for allowing chroot ?

You can't grant/deny access to a directory via sudo the way you are attempting. You can allow a user to run commands that are within a given directory.
There is no particular reason for chroot, it is just an example.
 
Old 07-28-2008, 12:42 AM   #7
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Original Poster
Rep: Reputation: 102Reputation: 102
Hi flower.Hercules,

Yes, using wild cards (like *)

and


this
Code:
tuxedo ALL = NOPASSWD: /usr/bin/umount
helped.


Thank you guys.
 
Old 07-28-2008, 08:20 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
While using wildcards may seem "easy" this is not a best practice because by doing so you do not have fine-grained control over what can be executed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo access depam Linux - Newbie 1 02-03-2008 07:56 AM
How to use sudo access in GUI Rustylinux Linux - Newbie 17 01-04-2008 01:04 AM
how to provide sudo access mokku Linux - Newbie 1 09-12-2007 03:09 PM
Please help. Sudo access problem gneeot Ubuntu 5 11-17-2006 12:51 PM
How can I access 'trusted' binaries for chkrootkit? jack101 Linux - Security 5 08-18-2003 07:41 PM


All times are GMT -5. The time now is 03:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration