[ale] sudo frustrations, help please

Narahari 'n' Savitha savithari at gmail.com
Tue Aug 25 11:33:49 EDT 2015


If I did  that I am allowing narahari and robert who are members of
teamsysuser group to be able to run commands as themselves and I am not
allowed to do that.

All installs and system work has to be done as user teamsysuser only but
teamsysuser is not a loginable account.



On Tue, Aug 25, 2015 at 11:27 AM, Jim Kinney <jim.kinney at gmail.com> wrote:

> Create a Linux group teamsysuser and add users to that group. In sudoers
> file
>
> @teamsysusers ALL(ALL) NOPASSWD:ALL
>
> Or shortcut all of this and add them to the WHEEL group (on RHEL-like
> systems) and uncomment the WHEEL line in sudoers file.
>
> On Tue, 2015-08-25 at 11:18 -0400, Narahari 'n' Savitha wrote:
>
> Here is the scenario I am trying to solve.
>
> teamsysuer => system account  without a shell but has the following entry
> in sudoers file
>
> teamssysuser ALL(ALL) NOPASSWD:ALL
>
> ========================
>
> narahari => regular user
> robert => regular user
>
> ========================
>
> We want to be able to allow
> narahari and robert run commands as themselves and teamsysuser only.
>
> I have done some playing around sudoers file
>
> User_Alias      ALL_MY_USERS = narahari robert
> Runas_Alias     TEAM_SYS_USER = teamssysuser
>
> ......
> .......
> ....
> ......
> ......
>
> teamssysuser ALL=(ALL) NOPASSWD: ALL
>
> ALL_MY_USERS    ALL = (TEAM_SYS_USER) NOPASSWD:ALL
>
> =================================
>
> I am not sure if this is the right approach or conceptually am I wrong ?
>
> -N
>
> _______________________________________________
> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you
> gain at one end you lose at the other. It's like feeding a dog on his
> own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> http://heretothereideas.blogspot.com/
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150825/d96e3eb9/attachment.html>


More information about the Ale mailing list