You can use command aliases to limit what commands the user can run as sudo - e.g. this /etc/sudoers restricts the user to commands needed to do admin:

```
# define command aliases
Cmnd_Alias ARCH = /bin/tar, /bin/gzip, /bin/gunzip
Cmnd_Alias CRYPT = /sbin/losetup, /sbin/cryptsetup
Cmnd_Alias DEVICE = /sbin/ifup, /sbin/ifdown
Cmnd_Alias DISK = /bin/mount, /bin/umount
Cmnd_Alias EDIT = /usr/bin/nano, /usr/bin/gedit
Cmnd_Alias FILE = /bin/cp, /bin/echo, /bin/ln, /bin/mv, /bin/rm, /usr/bin/touch, /usr/bin/rename
Cmnd_Alias FORMAT = /sbin/mkfs.ext2, /sbin/mkfs.ext3, /sbin/mkfs.ext4, /sbin/mkfs.msdos, /sbin/mkfs.vfat
Cmnd_Alias NETWORK = /sbin/route, /sbin/iptables, /usr/bin/nmap, /usr/sbin/hping3
Cmnd_Alias PERM = /bin/chattr, /bin/chgrp, /bin/chmod, /bin/chown
Cmnd_Alias PROCESS = /usr/bin/ps, /bin/kill, /usr/bin/killall, /sbin/shutdown
Cmnd_Alias SELINUX = /usr/sbin/semanage, /usr/bin/chcon, /sbin/restorecon, /usr/sbin/setsebool
Cmnd_Alias SERVERS = /etc/init.d/network, /etc/init.d/cups, /etc/init.d/nfs, /etc/init.d/httpd, /etc/init.d/vsftpd
Cmnd_Alias SERVICE = /usr/bin/systemctl, /sbin/chkconfig, /sbin/service, /usr/sbin/updatedb
Cmnd_Alias SOFTWARE = /usr/bin/dpkg, /usr/bin/apt-get
Cmnd_Alias VIEW = /bin/cat, /usr/bin/du, /bin/ls, /bin/tree, /bin/top, /bin/tails

Wilf HOSTNAME = NOPASSWD: ARCH, CRYPT, DIR, DISK, DEVICE, EDIT, FILE, FORMAT, NAV, NETWORK, PERM, PROCESS, SERVERS, SERVICE, SOFTWARE, VIEW
```

Don't just copy and paste this. Read the manual (`man sudoers`) and try to understand what it does first, to keep your system secure. Pay particular attention to the NOPASSWD bits (the above is intended for a device that doesn't need that great security).
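To see what a rule of this shape actually grants, the following added example (not part of the original post) expands the `Cmnd_Alias` names in a user rule and tracks whether each resulting command runs without a password. The sample input is constructed, the function name `audit` is hypothetical, and the parser assumes single-line aliases and rules with no Runas specs, line continuations or escaped commas.

```python
import re

# Constructed sample: a shortened sudoers fragment in the style shown above.
SAMPLE = """\
# define command aliases
Cmnd_Alias EDIT = /usr/bin/nano, /usr/bin/gedit
Cmnd_Alias DISK = /bin/mount, /bin/umount
Cmnd_Alias SELINUX = /usr/sbin/semanage, /usr/bin/chcon
Wilf HOSTNAME = NOPASSWD: EDIT, DISK, PASSWD: /sbin/shutdown
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")
TAG_RE = re.compile(r"^([A-Z_]+):\s*")

def audit(text):
    """Return (grants, unused_aliases) for a simplified sudoers fragment."""
    lines = [l.split("#", 1)[0].strip() for l in text.splitlines()]
    aliases = {}
    for line in lines:  # first pass: collect command aliases
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    grants, used = [], set()
    for line in lines:  # second pass: expand user rules
        m = RULE_RE.match(line)
        if not m or m.group(1).endswith("_Alias") or m.group(1) == "Defaults":
            continue
        user, host, spec = m.groups()
        nopasswd = False  # sudo asks for a password unless a tag says otherwise
        for item in spec.split(","):
            item = item.strip()
            tag = TAG_RE.match(item)
            while tag:  # a tag stays in force for the rest of the list
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                item = item[tag.end():]
                tag = TAG_RE.match(item)
            used.add(item)
            for cmd in aliases.get(item, [item]):
                grants.append((user, host, cmd, nopasswd))
    return grants, sorted(set(aliases) - used)

if __name__ == "__main__":
    grants, unused = audit(SAMPLE)
    for user, host, cmd, nopasswd in grants:
        print(f"{user}@{host}: {cmd} ({'NOPASSWD' if nopasswd else 'password required'})")
    print("defined but never granted:", ", ".join(unused))
```

On a live system, `visudo -c` checks the file's syntax and `sudo -l -U <user>` shows the rules sudo itself resolves for a user.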