How to give root access to normal user for one day.

unix_anand · 09-29-2008, 07:33 AM

Hello everybody,

I have one problem.
We are using RHEL5 with 100 of users. Now I want to give root access for shutdown machine and restart the services to one of the normal user. I feel giving root password to normal user is not correct way, If I use ACL or sudo but that not for single day this will continue for next day till I disable sudo. Is it possible to give sudo permission for single day upto given time means with in office hours.

Anybody has any solution or similar answer please please please
reply me.

Thanks and regards,

Anand.

pixellany · 09-29-2008, 07:41 AM

Why not write a script which modifies the sudo config file(s) based on the time of day? Assuming you know the commands for setting up sudo, all you need is a loop that checks time every minute or so, and then runs the right command sequence.

lukav · 09-29-2008, 01:18 PM

One way to do this -

To grant access to user1 to poweroff and start/stop/restart other services, edit /etc/sudoers with the following:

Code:

user1   ALL=/sbin/poweroff, [other programs to start/stop/restart services]

To remove user1 line from /etc/sudoers, create shell script:

Code:

#!/bin/bash
mv /etc/sudoers /etc/sudoers.old
cat /etc/sudoers.old | sed '/user1/d' > /etc/sudoers

chmod +x to created script

To execute above script at end of business day, type the following at the command shell:

Code:

sudo at 5pm
[full path and name of created script]
^D

timmeke · 10-14-2008, 05:45 AM

Quote:

cat /etc/sudoers.old | sed '/user1/d' > /etc/sudoers

is not without risk. Assume there is a user called "user12"...
Better make sure you match the first word in the line exactly.

Quote:

a loop that checks time every minute or so

this is what cron & "at" command do for you...