Quote:
Originally Posted by bh0laJi
[sudoers]How-to edit '/etc/sudoers'?
|
Very carefully.
In all seriousness, do remember to test your changes in another window before closing your editor session.
The manual page for sudoers is a bit overwhelming, see "man sudoers" anyway. In
ALL=(ALL:ALL), the first part before the equal sign refers to the FQDN of the systems in question. The parts inside the parenthesis are the use and group one may switch to. Often people write
(ALL:ALL) when they really mean
(root:root) instead.
You might look at the second edition of
sudo Mastery by Michael W Lucas for an excellent explanation of all the capabilities. He also did a presentation which is preserved in Youtube as
sudo: You're Doing It Wrong, along with accompanying slides somewhere. However the book is better.
Then for your first question:
Quote:
Originally Posted by bh0laJi
[sudoers]How-to edit '/etc/sudoers'?
#1: How-to edit '/etc/sudoers'(aka 'sudo' Policy) file if:
The 'root' user want a nonRoot user 'bh0laJi' to be able to execute "/bin/shutdown -h now" and a script '/bin/rdshft.sh', and nothing else as 'sudo'.
|
Try something like the following:
Code:
%bh0laJi ALL=(root:root) /bin/shutdown -h now, /bin/rdshft.sh ""
The percentage sign means that the group is targeted and not just the one account. It makes debugging easier in many cases. Then the empty quotes after the script name mean that the account is not allowed to send parameters to it and must run it without them. If you want the group to be able to run many forms of
shutdown, then leave off the options. Without any options and without the empty quotes, any and all options are allowed.
Code:
%bh0laJi ALL=(root:root) /bin/shutdown, /bin/rdshft.sh ""
An instantaneous shutdown might not be most appreciated on a multi-user system.