configuring sudo access for some users

ankush grover ankushfedora at gmail.com
Fri Nov 30 06:05:21 UTC 2007


Hi friends,

I want to configure sudo access for some users on my system. I am currently
using FC7 on my system. What they require (I mean the users) is to do all the
things, except that they cannot su/su - to become any other user or the root
user, they should not be able to change anybody's password or at least root's
password, and they cannot modify the /etc/sudoers and /etc/pam.d/su files. I
have a script which can extract all commands issued with "sudo", but if these
users become root then I won't be able to know who has done what.


I have already restricted su/su - access by editing /etc/pam.d/su  and
uncommenting the below line:

# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid


Authentication on my system is done through LDAP, but the "Use MD5", "Use
Shadow" and "Local Authorization is sufficient" options are also enabled so
that a local user, for example myself, can log in without authenticating to
LDAP. The users for which I want to configure sudo access will all be
authenticated through LDAP.

Currently I have added these 2 lines in /etc/sudoers (I used visudo command
to edit this file)

test ALL=(ALL) ALL, !/usr/bin/su
test2 ALL=(ALL) ALL, !/usr/bin/su


Both test and test2 are able to become root when they use "sudo su - " but
they are not able to become the root user when they issue "su -". How do I
restrict these users from becoming root or any other user through sudo su -?
Also, these users should not be able to change their own or other users'
passwords on this system.


Thanks & Regards

Ankush Grover
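
An added example, not part of the original post: a small Python check that flags the rule style quoted above. The sudoers manual warns that subtracting commands from ALL with "!" is generally not effective, and a negation applies only to the exact path it names. The function name, the finding labels and the parsing shortcuts are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the two rules quoted in the post above.
SAMPLE_SUDOERS = """\
test ALL=(ALL) ALL, !/usr/bin/su
test2 ALL=(ALL) ALL, !/usr/bin/su
"""

# user host = (runas) cmd, cmd, ...
# Simplified parser: aliases, line continuations and escaped commas are not handled.
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def audit_sudoers(text, path_exists=os.path.exists):
    """Return (user, finding, path) tuples for deny-list style user rules."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            continue
        user, spec = m.groups()
        cmds = [TAG.sub("", c.strip()) for c in spec.split(",")]
        grants_all = "ALL" in cmds
        for cmd in cmds:
            parts = cmd[1:].split() if cmd.startswith("!") else []
            if not parts:
                continue
            path = parts[0]
            if grants_all:
                # Everything except this one path is still allowed as root.
                findings.append((user, "negation-on-ALL", path))
            if not path_exists(path):
                # sudo matches by path: a negation naming a missing file excludes nothing.
                findings.append((user, "negated-path-missing", path))
    return findings


if __name__ == "__main__":
    for user, finding, path in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{user}: {finding}: {path}")
```

Run it on the host whose sudoers file is being reviewed so that the default os.path.exists check reflects where the binaries actually live; an allow-list rule that names specific commands produces no findings.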


More information about the fedora-list mailing list