[ale] restricting sudo

Robert L. Harris Robert.L.Harris at rdlg.net
Tue Jul 17 13:36:42 EDT 2001 



The package has it's own group and we'd rather not modify it from the default
so that when the system requires a rebuild or restore in 6months or a year
it won't bite us when we forget we did this.  Trying to keep the systems
clean and simple.

Robert

Thus spake Casey Allen Shobe (cshobe at softhome.net):

> Why not just doing the following instead?:
> 
> vi /etc/group
> (add:) hausers::150:root,user1,user2,whomever
> chown root /opt/package/bin/ha
> chgrp hausers /opt/package/bin/ha
> chmod o-wx /opt/package/bin/ha
> 
> - Casey
> 
> On Tue, 17 Jul 2001, Robert L. Harris wrote:
> > I need to keep some users from executing
> > 
> > /opt/package/bin/ha*.
> > 
> > I have a command alias for sudo that says:
> > 
> > Cmnd_Alias    HAALIAS    = /opt/package/bin/ha*
> > 
> > and this keeps them from executing the full path, but they can do
> > 
> > cd /opt/package/bin/
> > sudo ./hacommand
> > 
> > 
> > It doesn't like the command alias:
> > Cmnd_Alias    HAALIAS    = /opt/package/bin/ha*, ./ha* 
> > 
> > either.  Thoughts?
> > 
> > 
> > 
> > :wq!
> > ---------------------------------------------------------------------------
> > Robert L. Harris                |  Micros~1 :  
> > Senior System Engineer          |    For when quality, reliability 
> >   at RnD Consulting             |      and security just aren't
> >                                 \_       that important!
> > DISCLAIMER:
> >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > FYI:
> >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > 
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> -- 
> Casey Allen Shobe
> cshobe at softhome.net



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list