LinuxQuestions.org


shipon_97 07-08-2020 01:39 AM

regarding sudoers permission
 
Dear Experts,

I have a normal user 'bob' in Linux. I tried to execute the command below:

chmod o+r file1

as bob, but it was denied. Now I want to add the bob user to the sudoers file so that bob is permitted to execute only this command,
and to make sure that bob cannot execute other privileged commands.

I need your help ...

shruggy 07-08-2020 01:59 AM

Isn't it easier to make file1 owned by a group bob is member of?

pan64 07-08-2020 02:02 AM

What did you try?
I used to suggest implementing the required functionality in a shell script (which can only do what you need); you can then give bob the sudo right to execute this script.
https://unix.stackexchange.com/quest...assword-prompt

shipon_97 07-08-2020 02:43 AM

Actually, I use the chmod command in one of my scripts and put the line below in the sudoers file:

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%bob ALL=(ALL) NOPASSWD: ALL

But as far as I know, 'ALL' allows executing all privileged commands, and I just need the chmod command only.

JJJCR 07-08-2020 02:55 AM

Check out this link, it might help: https://kifarunix.com/run-only-speci...sudo-in-linux/

From link above:

Quote:

sudo visudo

Next, add the line below;

john ALL=(root) /bin/systemctl restart NetworkManager

To run specific commands with sudo as any target user, for example to allow user john to restart only Apache service using sudo;

john ALL=(ALL) /bin/systemctl restart apache2

Note that while adding sudo privileges for the user, it is safer to put the user-specific sudo configuration under the /etc/sudoers.d directory, for example;

echo "john ALL=(root) /bin/systemctl restart apache2" > /etc/sudoers.d/john

To allow a specific user to run multiple specific commands with sudo;

petelq 07-08-2020 03:05 AM

But if Bob had the sudo ability to chmod any file then he would have the ability to make any file writable and so alter any file, wouldn't he?

pan64 07-08-2020 03:32 AM

Quote:

Originally Posted by petelq (Post 6142878)
But if Bob had the sudo ability to chmod any file then he would have the ability to make any file writable and so alter any file, wouldn't he?

That's why "we" need a script which can do only what we need, nothing more.
For example, it takes one filename argument, but works only in a specified directory.

Anyway, a setgid dir is probably better...
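
The script pan64 describes (one file name argument, one fixed directory, sudo granted for that script alone) could look like the sketch below. It is an added example, not code posted by anyone in this thread; the install path /usr/local/sbin/backup-readable, the function names and the choice of /u01/backup (the directory in the thread's last post) are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not from the thread). Assumed install
# path: /usr/local/sbin/backup-readable, owned by root, mode 0755.
# Matching sudoers line (edit with visudo):
#   bob ALL=(root) NOPASSWD: /usr/local/sbin/backup-readable
# bob then runs:  sudo /usr/local/sbin/backup-readable file1

ALLOWED_DIR=/u01/backup   # assumed: the only directory the wrapper may touch

# valid_name NAME: accept a bare file name only (no path parts, no options).
valid_name() {
    case $1 in
        '' | . | .. | */* | -*) return 1 ;;
    esac
    return 0
}

# grant_other_read DIR NAME: add o+r to the regular file DIR/NAME.
# Runs in a subshell so the cd does not leak into the caller.
grant_other_read() (
    dir=$1
    name=$2
    valid_name "$name" || { echo "rejected name: $name" >&2; exit 2; }
    cd -- "$dir" || exit 3
    # chmod follows symlinks, so refuse them and anything not a regular file.
    if [ -L "$name" ] || [ ! -f "$name" ]; then
        echo "not a regular file in $dir: $name" >&2
        exit 4
    fi
    chmod o+r -- "./$name"
)

# Entry point: exactly one argument. With none, the file only defines the
# functions, which lets them be sourced and tested.
case $# in
    0) ;;
    1) grant_other_read "$ALLOWED_DIR" "$1" ;;
    *) echo "usage: $0 FILE" >&2; exit 64 ;;
esac
```

The checks are only sound if the calling user cannot write to the directory itself; otherwise a file can be swapped for a symlink or hard link between the check and the chmod.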

shipon_97 07-08-2020 03:55 AM

Thanks all.. I got my solution ..

ondoho 07-08-2020 04:57 AM

Quote:

Originally Posted by shipon_97 (Post 6142890)
Thanks all.. I got my solution ..

Then please share it.
Don't hit and run.
Others will benefit.

shipon_97 07-10-2020 11:32 PM

cat /etc/sudoers :

myusername ALL = (root) NOPASSWD: /path/to/my/program

Here my user name is 'backup':
"backupe ALL = (root) NOPASSWD: /sbin/gzip chmod "



Later on I added the lines below to the script:

cd /u01/backup
sudo gzip OBUDB_before.$Date.dmp

cd /u01/backup
sudo /bin/chmod o+r *

