Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For the above sudo access to view all the files within /usr/local/avamar/ and its subdirectories are not working properly.
its working only when i give with full pathname from the home directory.
for every time i have to give the full pathname from home directory to view files,as below
user@server1 ~]$ sudo vi /usr/local/avamar/bin
please suggest how to view the files via vi within all the sub directories under /usr/local/avamar itself using sudo.
As far as I know, you have to specify the full path to each executable/action you wish your sudoers user/group to use.
It would be a large security risk to allow every executable in a directory, for example, all of /bin. Especially if you set sudoers to require no password.
Thanks for your reply, I do understand the security concern, but our user presisting to find a way to run sudo from the subdirectories,
Is there any way to accomplish that without compromising security.
Thanks for your reply, I do understand the security concern, but our user presisting to find a way to run sudo from the subdirectories,
Is there any way to accomplish that without compromising security.
Well, if somehow a piece of malware was copied/installed on your system in the sub directory you pick, anyone on the system could run it without a password. You are essentially removing user/group permissions from your system for every file/binary installed to that directory.
I don't see why you cannot just enter the full path for each application you wish to run into the sudoers file. That is how sudo was intended to be used. If it's a production environment, I personally wouldn't be allowing every user on the system passwordless access to any file/binary in a directory. It is essentially giving root access to every user on the system to all files in that directory.
To hack your system all an attacker would need to do is replace/add malware to that directory and run....
Code:
~# sudo /path/to/sudo/dir/uber-malware
...your system is now compromised with a backdoor, rootkit, take-your-pick malware.
EDIT
The only thing preventing such a compromise would be if the directory had the right file permissions to prevent unprivileged users from writing files to that directory. Still though, nothing is preventing unprivileged users from causing damage to the system with the already installed binaries because they have full access to the system.
So harsh, haha. I had a similar response in mind but decided it would be more constructive for everyone to explain the security implications. I try my best not to flame people for threads like this...
dont get me in the wrong way, I didn't mean to be harsh to you. user is requesting why he need run with whole pathname, when he is already into the particular subdirectory. I even tried for sudo access for every subdirectory inside /usr/local/avamar, but still its working only with the full pathname. Is there any way to overcome this by sudo itself instead of changing permissions for the directories?
If what you mean are aliases using sudo, then yes. You can create a list of commands (using the full paths) and link it to an alias. Then refer to this alias for each user or user group that can run those commands.
You will not however be able to avoid adding the full paths of each command in the alias.
All of this is clearly stated in the sudo documentation. Here is a link that explains quite a bit about how sudo works:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.