I am trying to setup sudo permission for an account to have full access to all files under certain directory.
I have made the following entry in sudoers file
itg ALL= NOPASSWD: /apps/pgm/admin/
The file which I trying to modify and execute under /apps/pgm/admin/ path has the following permssion.
-rwxr--r-- 1 root root 6034 Oct 2 02:00 ptTomcat.ksh
Though I am able to execute the above script through sudo, when I try to edit this file through sudo I am getting the following error
Sorry, user itg is not allowed to execute '/bin/vi /apps/pgm/admin/ptTomcat.ksh' as root
I am running Linux
Any thoughts?
Your user cannot execute '/bin/vi' as root as you haven't added that command to /etc/sudoers for that particular user.
Try something similar to:
itg ALL= NOPASSWD: /bin/vi /apps/pgm/admin
Related
How to allow all users under a particular group can only run the "dnf" command with "sudo" and without entering any password?
first write The command EDITOR=nano visudo as root
you will get inside the sudo config file
now type %TheGroupName ALL=(ALL:ALL) NOPASSWD: ALL any where before the last line
i want to ask for a specific user to use certain root commands in redhat?
my server run redhat OS 7.6. i dont have any idea how to set a user that can run certain commands from root.
let say i have one user id name MY_CIT, so MY_CIT can run certain commands for example to create print queue #lpadmin -p printer -v socket://printer:9100 -E
so MY_CIT no need root access to trigger the command.
Anyone experience on this? kindly help. thanks
You'll be able to use file ACLs. As a test I removed execute permissions from the nano command, just to show how this will work.
You won't need to do this, however, you will need root permissions to the machine. Instead of nano, use 'lpadmin' as per your requirements
[root#server bin]# chmod o-x /bin/nano
[root#server bin]# ls -lah /bin/nano
-rwxr-xr-- 1 root root 202K Jun 10 2014 nano
To test, we change to user1 and try use nano to edit a file:
[user1#server ~]$ nano file1
-bash: /bin/nano: Permission denied
Now, as root again, we add an ACL to the nano program. This allows only user1 to execute the program.
[root#server bin]# setfacl -m u:user1:x /bin/nano
Display ACL with getfacl:
[root#server bin]# getfacl /bin/nano
getfacl: Removing leading '/' from absolute path names
# file: bin/nano
# owner: root
# group: root
user::rwx
user:user1:--x <<-- Note this
group::r-x
mask::r-x
other::r--
As user1, we are able to use the nano program, but not as user2:
[user1#server ~]$ nano file1
[user1#server ~]$ ls
file1
[user1#server ~]$ exit
logout
[root#server bin]# su - user2
[user2#server ~]$ nano file1
-bash: /bin/nano: Permission denied
ACLs allow admins to extend permissions past just user/group/other. You're able to set permissions for specific users on the system.
Run command with a root privilege:
sudo visudo
It opens file /etc/sudoers for edit.
Add this line at the end of the file (and after keep one blank line):
MY_CIT ALL = NOPASSWD: /usr/sbin/lpadmin
where:
MY_CIT - name of your user
/usr/sbin/lpadmin - path to executible file. Note please that in your distro path can be different. You can check this with command whereis lpadmin.
After user can run command lpadmin with arguments with sudo without password:
sudo lpadmin ...
I am unable to create a directory using sudo priveleges from root user and If I login to user , I can create an directory under /root using sudo. Also I have added to allow all commands in /etc/sudoers file and the details are below:
[root#linux home]# cat /etc/sudoers | grep tes
test ALL= NOPASSWD: ALL
Error
[root#linux home]# sudo -u test mkdir /var/log/test3
mkdir: cannot create directory ‘/var/log/test3’: Permission denied
Any Ideas ?
Thanks
By running 'sudo -u test', you're giving yourself lower privileges than the roor user because you're running the command as the user 'test', not 'root'. From the root user, you can just run:
mkdir /var/log/test3
Read man sudo for more info.
Or:
Run visudo and uncomment the wheel group, then add the user test to the wheel group.
If you don't mind me asking, why do you need to create a directory as a certain user from the root user? Especially since the directory you're making will not be user specific?
Also, in the sudoers file , you should what added test ALL=(ALL) NOPASSWD: ALL, not test ALL= NOPASSWD: ALL
I am getting following error while trying to switch to root.
[~]# sudo su -
sudo: must be setuid root
and I have confirmed the permission of sudo file set to correct
[~]# ls -l /usr/bin/sudo
---s--x--x 2 root root 190904 Mar 10 2014 /usr/bin/sudo*
also the user is already wheels group. please help
Please make sure that the user has normal jail access
I'm trying to change system time via a script.
Basically the command date -s "<date>" doesn't work since I run the command as user www-data. Although I edited /etc/sudoers file to give root privileges to the user www-data, I still can't change or set time.
What could be the reason?
After editing a /etc/sudoers, do a
sudo date -s
command. This will do the actual date command from "Root" user.
Just edit of /etc/sudoers is not enough, because it will not give a root to user, but it will give a capability to became root from user using sudo utility.
type
sudo visudo
add the next command
<username> ALL=(ALL) NOPASSWD: /bin/date
or
<username> ALL=(ALL) NOPASSWD: /usr/bin/timedatectl
now you can edit your time from the specific account without password like
sudo timedatectl set-time <datetime>
Also should note that line
Default requiretty
should becommented in sudoers file. Otherwise you will get a message to STDERR, saying
sudo: sorry, you must have a tty to run sudo
when trying to invoke the script from outer world.
This was a problem in my case.