Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am looking for a solution to the following:
Allow in sudoers file the execution on a command with option A, but refuse the same command with option B:
Example:
Allow this:
sudo my_command optionA
Dissallow this:
sudo my_command optionB
Is this possible ?
You can easily specify which parameters are allowed.
For example, I have a user testuser. The file you must edit is /etc/sudoers, but remember to do it with visudo command - it verifies the content of the file, so you won't end up with a typo that would prevent you from sudo'ing again (sometimes it's the only way to access root account).
So, enter visudo.
Let's say, that I want to allow test to run /bin/yes --help. I don't have right to x it for any other user than root.
What you want to add is:
testuser ALL=(ALL) /bin/yes --help
It means that testuser can run /bin/yes --help from any host as any user. By default, sudo /bin/yes --help will ask for testuser's password. sudo /bin/yes will give access denied.
If you want to allow it without providing a password, replace the line with:
testuser ALL=(ALL) NOPASSWD: /bin/yes --help
Please note that you cannot explicitly deny a parameter. If the testuser is a member of default sudoers group, this method will not work.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 3 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I have this code in a linux executable file to start atom from there:
#! /bin/bash
sudo atom
I wanted to include sudo password after that lines of code, so the program will run automatically.
I wouldn't suggest hardcoding a password into your script as it carries a security risk.
Strictly speaking you can by doing:
echo "yourpassword" | sudo -S <command>
The -S flag will read the password from stdin.
There is another better way for you to allow password-less sudo commands by modifying your sudoers file.
Why you not use sudoers?
Try running atom without password.
Edit /etc/sudoers via visudo:
visudo -f /etc/sudoers
Put new line and save:
youuser ALL=(ALL:ALL) NOPASSWD: atom
do not forget to replace youuser
You dont need this. You need to use visudo:
sudo visudo
Then add line like this:
username ALL=(root) NOPASSWD: /path/to/script.sh
And then run your script using sudo script.sh without password
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
su - test; mkdir ~/cc creates cc directory under root's home directory.
Why doesn't it create cc under test's home directory?
What you REALLY want to do is
su - test -c 'mkdir ~/cc'
What you're doing isn't going to work as the ; and the command after it will be evaluated by the same instance of bash that will take care of the su - part as Chris pointed out in his comment.
su starts a new shell. The command doesn't terminate until the other shell exits; at which point the next command is processed.
You should be seeing that cc is not actually created until you exit from the su shell. (This is how POSIX-compliant shells work).
Because when you run su test, you are not cd'd to their home directory. if you ran
su test -c "mkdir ~/cc"
it should work. I have had issues with that one as well.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have a group called optaccess..Now, I need to give access to a directory /opt/sw/vam for this group - optaccess.
How can I do that in Linux?
I tried this
sudo chmod g+rwx *.*
but that does not work?
Where do I specify the group name - optaccess?
You need to run chgrp command. Try
chgrp -R optaccess /opt/sw/vam
Note: Add "-R" only , if you want to change group of all files + subdirectories.
chgrp: This command is used to change group of any directory.
chmod: This command is used to provide: read, write, access to any user/group.
chown: This command is used to change user and/or group of any directory.
For ex:
chown -R foo:optaccess /opt/sw/vam
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Is there a way to switch dir after doing sudo -i (in one command)?
We use lots of ssh connections on work, and it is a pain to manually set them up when you reboot your pc. So I'm trying to make aliases like ssh remote-dev -t 'sudo -i; bash -l', which connects me to a machine and makes me root there (it is required to do that way; because of Kerberos we can't directly ssh root#...)
So what I would like to do now is expanding the above command in a way that I can also tell it to switch to a specific dir after the sudo, or open a specific file, or tail a logfile or something... Is that possible?
-- edit: Of course you could tell it to do some command everytime someone logs in via ssh. But this is a bad option, because only I want to have these commands to be executed; When other people connect to this machine, they probably want different commands.
-- edit: Sorry I posted it here, did not realize it is offtopic in stackoverflow
Try
sudo -i bash -c "cd /path/to/dir; exec bash"
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Seems to me that if I write a shell script in $HOME/path/to/script/myscript, and export PATH=$PATH:$HOME/path/to/script/ then sudo -E myscript should run the script right?
From sudo man page:
‑E
The ‑E (preserve environment) option indicates to the security policy that the user wishes to preserve their existing environment variables. The security policy may return an error if the ‑E option is specified and the user does not have permission to preserve the environment.
But sudo -E script can't find the command. I know I can just add /absolute/path/to/script/ to the files that determine the PATH variable for sudo env, but that's not the approach I want to take.
To address the comments:
#H2CO3: I have seen sudo sudo floating around the net, and it bugs me tremendously, it's literally saying "Give me superuser permissions to run superuser". I don't know if it would solve the problem, but it seems like a fundamentally flawed approach. Then again I started using linux/bsd systems back in the mid 90's so I take issue with just the sudo command itself.
#rici: The script does have executable permissions, but that's definitely something to check whenever something doesn't run in *nix systems =)
/etc/sudoers by default has a setting to reset the environment. And also defines a default secure_path which is in effect when you run sudo -E [cmd].
You will need to edit the /etc/sudoers file and add 'env_keep' and mention the variables you want to preserve.
Default env_keep += "PATH"
but before this comment out the secure_path line. Then try your command via sudo -E.