LinuxQuestions.org
Old 07-08-2020, 01:39 AM   #1
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 502

Rep: Reputation: 31
regarding sudoers permission


Dear Experts,

I have a normal user 'bob' in Linux. I try to execute the command below:

chmod o+r file1

using bob, but it is denied. Now I want to add the bob user to the sudoers file so that bob is permitted to execute only this command.
And make sure that bob cannot execute other privileged commands.

I need your help...
 
Old 07-08-2020, 01:59 AM   #2
shruggy
Senior Member
 
Registered: Mar 2020
Posts: 1,140

Rep: Reputation: Disabled
Isn't it easier to make file1 owned by a group bob is member of?
 
Old 07-08-2020, 02:02 AM   #3
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 14,825

Rep: Reputation: 4874
What did you try?
I used to suggest implementing the required functionality in a shell script (which can only do what you need), and you can give bob the sudo right to execute this script.
https://unix.stackexchange.com/quest...assword-prompt
 
Old 07-08-2020, 02:43 AM   #4
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 502

Original Poster
Rep: Reputation: 31
Actually, I use the chmod command in one of my scripts and have the line below in the sudoers file:

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%bob ALL=(ALL) NOPASSWD: ALL

But as far as I know, 'ALL' allows executing all privileged commands, but I just need the chmod command only.
 
Old 07-08-2020, 02:55 AM   #5
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,782

Rep: Reputation: 315
Check out this link, it might help: https://kifarunix.com/run-only-speci...sudo-in-linux/

From link above:

Quote:
sudo visudo

Next, add the line below;

john ALL=(root) /bin/systemctl restart NetworkManager

To run specific commands with sudo as any target user, for example to allow user john to restart only Apache service using sudo;

john ALL=(ALL) /bin/systemctl restart apache2

Note that while adding sudo privileges for the user, it is safer to put the user-specific sudo configuration under the /etc/sudoers.d directory, for example;

echo "john ALL=(root) /bin/systemctl restart apache2" > /etc/sudoers.d/john

To allow a specific user to run multiple specific commands with sudo;
 
Old 07-08-2020, 03:05 AM   #6
petelq
Member
 
Registered: Aug 2008
Location: UK
Distribution: openSUSE(Leap and Tumbleweed) and a regularly changing third
Posts: 490

Rep: Reputation: Disabled
But if Bob had the sudo ability to chmod any file then he would have the ability to make any file writable and so alter any file, wouldn't he?
 
Old 07-08-2020, 03:32 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 14,825

Rep: Reputation: 4874
Quote:
Originally Posted by petelq View Post
But if Bob had the sudo ability to chmod any file then he would have the ability to make any file writable and so alter any file, wouldn't he?
That's why "we" need a script which can do only what we need, nothing more.
For example, one that takes one filename argument, but works only in a specified directory.

Anyway, a setgid dir is probably better...
 
Old 07-08-2020, 03:55 AM   #8
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 502

Original Poster
Rep: Reputation: 31
Thanks all.. I got my solution ..
 
Old 07-08-2020, 04:57 AM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,946
Blog Entries: 9

Rep: Reputation: 4230
Quote:
Originally Posted by shipon_97 View Post
Thanks all.. I got my solution ..
Then please share it.
Don't hit and run.
Others will benefit.
 
Old 07-10-2020, 11:32 PM   #10
shipon_97
Member
 
Registered: Oct 2005
Location: Bangladesh
Posts: 502

Original Poster
Rep: Reputation: 31
cat /etc/sudoers :

myusername ALL = (root) NOPASSWD: /path/to/my/program

Here my user name is 'backup':
"backup ALL = (root) NOPASSWD: /sbin/gzip, /bin/chmod"



Later on I added the lines below to the script:

cd /u01/backup
sudo gzip OBUDB_before.$Date.dmp

cd /u01/backup
sudo /bin/chmod o+r *
 
1 members found this post helpful.
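
The wrapper-script approach from post #7 (one filename argument, valid only in one directory), written out as an added example that is not part of any poster's reply. The script name and install path are hypothetical; /u01/backup is the directory from post #10.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, installed root-owned and mode 0755 as
# /usr/local/sbin/backup-readable. Matching sudoers entry (edit with
# "visudo -f /etc/sudoers.d/backup"); chmod itself is not listed:
#   backup ALL = (root) NOPASSWD: /usr/local/sbin/backup-readable
# Assumption: the calling user cannot write to the directory; otherwise the
# symlink check below could be raced between the test and the chmod.

# make_readable DIR NAME: add o+r to one regular file directly inside DIR.
make_readable() {
    dir=$1
    name=$2
    # Accept a bare file name only: no path separators, no "." or "..",
    # nothing that could be parsed as an option.
    case $name in
        ''|.|..|-*|*/*)
            echo "rejected file name: $name" >&2
            return 2 ;;
    esac
    target=$dir/$name
    # chmod follows symlinks, so refuse them and any non-regular file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "not a regular file: $target" >&2
        return 3
    fi
    chmod o+r -- "$target"
}

# Entry point when run as: sudo /usr/local/sbin/backup-readable FILE
# The directory is fixed here (from post #10), never taken from the caller.
if [ "$#" -eq 1 ]; then
    make_readable /u01/backup "$1"
fi
```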
  

