What about on a production machine where you've got a user that is a little bit trusted, but shouldn't be given total access to the system?

The sudoers policy plugin determines a user's sudo privileges. The policy is driven by the /etc/sudoers file or, optionally, by LDAP.

The policy format is described in detail in the SUDOERS FILE FORMAT section.

If we modify the entry like so:

    dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm

Then user dgb is now allowed to run /bin/ls as operator, but /bin/kill and /usr/bin/lprm as root.
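The Runas_Spec behaviour in that entry can be checked mechanically. The sketch below is an added example, not part of sudo or of the original page: a hypothetical helper, resolve_runas, resolves which user each command in a simple entry runs as. It assumes one user and one host, with no aliases, tags, Runas groups or line continuations.

```python
import re

# Constructed input: the entry discussed above.
ENTRY = "dgb boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm"

def resolve_runas(entry, default_runas="root"):
    """Parse one simple user specification into (user, host, [(runas, cmd)]).

    Assumptions (hypothetical helper, not sudo's parser): a single user and
    host, no aliases, tags, Runas groups or line continuations, and no
    commas inside command arguments.
    """
    m = re.match(r"\s*(\S+)\s+([^\s=]+)\s*=\s*(.+)$", entry)
    if not m:
        raise ValueError("not a simple user specification: %r" % entry)
    user, host, cmnd_list = m.groups()
    runas = default_runas  # with no Runas_Spec, commands run as root
    resolved = []
    for spec in cmnd_list.split(","):
        spec = spec.strip()
        r = re.match(r"\(\s*([^)\s]+)\s*\)\s*(.+)$", spec)
        if r:
            # A Runas_Spec applies to this command and to every command
            # after it, until another Runas_Spec replaces it.
            runas, spec = r.group(1), r.group(2)
        resolved.append((runas, spec))
    return user, host, resolved

def commands_as(entry, target="root"):
    """Commands in the entry that would run as `target`."""
    return [cmd for runas, cmd in resolve_runas(entry)[2] if runas == target]

if __name__ == "__main__":
    for line in (ENTRY, "test ALL= /bin/ls"):
        user, host, resolved = resolve_runas(line)
        for runas, cmd in resolved:
            print(f"{user}@{host}: {cmd} runs as {runas}")
```

When auditing a sudoers file, the carry-over is the part to watch: a command listed after a (root) Runas_Spec runs as root even though no Runas_Spec sits directly in front of it.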

Wait a minute; you're trying to PREVENT the user from using the command? Probably what you need to do is create a group for the users that you want to be able to run the command, then change the permissions of the command to 750 and the ownership to root:newgroup. You might also be able to create an AppArmor profile to prevent the user from running the command without tinkering with its permissions and ownership (TBH, I wouldn't do a lot of tinkering with the permissions and ownership of basic system commands). If the above code doesn't do what you want, I'd suggest looking at AppArmor. sudo only determines if you can run a command as root using the sudo command.

Sorry for the misleading information in the beginning, and I changed my original post. It does not limit in any way the commands you can actually run.

-_-bbb My question is: after adding a line in /etc/sudoers, e.g.: test ALL= /bin/ls the user 'test' is supposed to only execute /bin/ls, but 'test' can still run the other commands.

What you did in the sudoers file is give "test" the ability to run ls as root. For example:

For more information on configuring sudo.conf(5), please refer to its manual. The sudoers security policy requires that most users authenticate themselves before they can use sudo.

If you've not got crazy vi chops don't worry, we don't need to do anything complicated. Just page down to the bottom of the document and enter the following: this time when you are prompted for a password, you only need to enter your own one.

Now let's give some more users access, but we won't be quite so generous with what they can do. Unless you've already got an account with sudo access, you're going to need to log in as root one last time to set one up.

