LinuxQuestions.org
Old 08-01-2012, 02:35 PM   #1
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Rep: Reputation: Disabled
Sudo access to specific files/services


Hello all,

I'm hoping someone can help. I'm looking at giving restricted access to a user using sudo.

I want to give them read/write access to a file and access to restart a service.

The user is in the users group; in the sudoers file there is a section to allow users to shut down the system. So I was gonna put the entry there:

user localhost=/etc/init.d/dhcpd restart (this is to restart service)

I don't know where I could put the file access path or how to restrict that user to be able to edit that 1 file only.
 
Old 08-01-2012, 03:00 PM   #2
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
For the file restriction it would be easier to use acls.

Code:
setfacl -m u:username:rw filename
To see what permissions are given with acls use:

Code:
getfacl filename
As for the sudoers running a specific command I'd use:
Code:
Cmnd_Alias DHCPD_CMDS = /etc/init.d/dhcpd restart, /etc/init.d/dhcpd start
# ...plus any other commands you want to give them, comma-separated
Then add this line:
Code:
# "users" here is read as a user name; a group is written with a leading %, e.g. %users
users ALL=(root) NOPASSWD: DHCPD_CMDS
 
1 members found this post helpful.
Old 08-02-2012, 09:08 AM   #3
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled

I've added the above lines to my sudoers file. I can login as sudo but can't execute the service restart stop etc.
 
Old 08-02-2012, 10:29 AM   #4
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
Make sure when you run it you put sudo in front of it.

Code:
sudo /sbin/service dhcpd restart
or

Code:
sudo /etc/init.d/dhcpd restart
 
1 members found this post helpful.
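Added example, not part of any post in this thread: a simplified Python model of how sudoers matches a typed command against the `DHCPD_CMDS` alias from post #2, showing which of the invocations from post #4 that alias covers. The function names are hypothetical, and wildcards in the path and PATH lookup are not modelled.

```python
import shlex
from fnmatch import fnmatchcase

# Alias from post #2, keyword spelled Cmnd_Alias, placeholder text dropped.
ALIAS_LINE = ("Cmnd_Alias DHCPD_CMDS = "
              "/etc/init.d/dhcpd restart, /etc/init.d/dhcpd start")


def parse_cmnd_alias(line):
    """Return (alias_name, [(path, args_pattern_or_None), ...])."""
    keyword, rest = line.split(None, 1)
    if keyword != "Cmnd_Alias":
        raise ValueError("expected Cmnd_Alias, got %r" % keyword)
    name, specs = rest.split("=", 1)
    entries = []
    for spec in specs.split(","):
        parts = spec.split(None, 1)
        if not parts:
            continue
        # No arguments in the spec: any arguments are accepted (None).
        # A literal "" in the spec: only the bare command is accepted.
        args = None if len(parts) == 1 else parts[1].strip()
        entries.append((parts[0], "" if args == '""' else args))
    return name.strip(), entries


def is_allowed(entries, typed):
    """True if the typed command matches one entry of the alias."""
    argv = shlex.split(typed)
    if argv[:1] == ["sudo"]:
        argv = argv[1:]
    if not argv:
        return False
    path, args = argv[0], " ".join(argv[1:])
    for spec_path, spec_args in entries:
        if path != spec_path:  # the full path must be the one listed
            continue
        # Argument wildcards are shell-style and also match across spaces.
        if spec_args is None or fnmatchcase(args, spec_args):
            return True
    return False


NAME, ENTRIES = parse_cmnd_alias(ALIAS_LINE)
if __name__ == "__main__":
    for cmd in ("sudo /etc/init.d/dhcpd restart",   # constructed test inputs
                "sudo /sbin/service dhcpd restart",
                "sudo /etc/init.d/dhcpd stop"):
        verdict = "allowed" if is_allowed(ENTRIES, cmd) else "denied"
        print("%-36s %s" % (cmd, verdict))
```

On the real system, `sudo -l` run as that user lists the commands the policy grants, and `visudo -c` checks the file's syntax.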
Old 08-02-2012, 10:37 AM   #5
whositwhatnow
Member
 
Registered: Mar 2012
Distribution: RHEL 5/6
Posts: 56

Original Poster
Rep: Reputation: Disabled
Awesome thanks for your help!
 
Old 08-02-2012, 10:39 AM   #6
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
No problem.
 
  

