sudo Configuration

Poluri, Ramachandra Rao rp230050 at ncr.com
Mon Apr 17 21:50:11 UTC 2006 

 
Andrew,

As Mike mentioned out, making a entry in /etc/sudoers is always a best
practice.

#usera may run any command in /sbin without giving the path at command
line.
usera ALL = /sbin

If all the users want the same to done for everyone. Instead making
entry of everyone. Create a group, make the users a member of that
group. then make a entry in /etc/sudoers as below.

#All members of the groupa can run any command in /sbin
groupa ALL = /sbin

Hope this solution satisfies..

Wayne-Could you be clear on pathmunge function..wht/how can be done..

-Ramachandra.

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Mike Burger
Sent: Thursday, April 13, 2006 7:51 AM
To: General Red Hat Linux discussion list
Subject: Re: sudo Configuration

Or...using "sudo -l", one can get a full list of the commands to which
they have sudo access, including the full paths to those commands, if
the sysadmin has put the full path into the sudoers file...which is a
better practice.

This way, in order to get around the whole "missing this directory from
my search path" thing, all one needs to do is issue

"sudo /full/path/to/command"

to run the command.

This also gives the added benefit of not having a user be able to create
a script with the same name, in some other place, and then use sudo to
run that, potentially compromising your system.

On Wed, April 12, 2006 5:21 pm, Wayne Pinette wrote:
> You could do what I do (cause this drives me nuts) and edit profile 
> (in the etc directory) to just allow everyone to use the sbin 
> directories (just get rid of the if statement around that pathmunge 
> call).
>
>
> Wayner
>
>
>>>> AMeadows at BMI.com 04/12/06 1:45 pm >>>
> I am attempting to configure sudo on a RH AS v3 r4 server. The version

> of sudo installed is 1.6.7p5. I would like to pass the $PATH 
> environment of root to the sudoer when they run a sudo command. If 
> User A runs sudo ifconfig, usera receives an error saying that 
> ifconfig cannot be found.
> I know that this is due to the fact that the /sbin path is not in the 
> user A's profile. Is it possible to pass the .profile info from root 
> to user A so this command can run successfully?
>
>
>
> Thanks in Advance,
>
>
>
> Andrew
>

More information about the redhat-list mailing list