[ale] sudo for a group to user how to please
DJ-Pfulio
DJPfulio at jdpfu.com
Wed Apr 1 09:55:57 EDT 2015
man sudoers
It is one of the best manpages ever written.
* Runas_Alias
* Cmnd_Alias
* Cmnd_List
So - you can be extremely specific about which commands AND options are
available to be run as another userid.
On 04/01/2015 09:47 AM, Narahari 'n' Savitha wrote:
> Now that you put that, we may not get much from that approach.
>
> What we really want is for a group to be able to run commands as the vips user.
>
> The idea here is that only one user is given permission to run commands on
> Suse VM as super user without pw.
>
> The members of the group puppet-folks should be able to run commands either as
> that vips user or scripts owned by vips should be runnable by the members of
> the group.
>
> -Narahari
>
> On Tue, Mar 31, 2015 at 7:43 PM, Alex Carver <agcarver+ale at acarver.net
> <mailto:agcarver+ale at acarver.net>> wrote:
>
> What is this going to get you? If they can become the vips user then
> they can go up one more link in the chain and be root for anything.
> You're gaining nothing by allowing them to become the unrestricted vips
> user. You might as well give them direct sudo access.
>
> On 2015-03-31 16:40, Narahari 'n' Savitha wrote:
> > Friends:
> >
> > Thank You folks for your time and reading this email.
> >
> > Here is the scenario
> >
> > I have a machine with a user call vips
> >
> > This vips user has sudo on the box to do pretty much anything
> > vips ALL = (ALL) NOPASSWD:ALL
> >
> > I have two other users narahari and zikka
> >
More information about the Ale
mailing list