hi,
I want user with name admin can run these commands and want add this in
sudoers file
he/she can run :"useradd -c "comment" -d /home/username -m -s /bin/false "
meanwhile I want after this user create successfully , this command:
quotatool -u username -bq 10M -l 10M /var/spool/mail
quotatool -u
I write a script that contains:
#!/bin/bash
echo "Enter username: "
read username
/usr/sbin/useradd -d /home/$username -m $username
/usr/bin/quotatool -u $username -bq 10M -l 10M /var/spool/mail
/usr/bin/quotatool -u $username -bq 1-M -l 10M /home
---
On Tue, Jan 20, 2004 at 01:10:19PM +0330, Alikhani wrote:
> Date: Tue, 20 Jan 2004 13:10:19 +0330
> From: Alikhani <[EMAIL PROTECTED]>
> Subject: Re: sudo
> To: [EMAIL PROTECTED]
>
> I write a script that contains:
> #!/bin/bash
> echo "Enter username: "
Hi Rechard,
Thank you very much for your guidance. I did something you said ,but
when I add the
/usr/bin/sudo /usr/sbin/useradd .
to my script and when the admin run it , system says ,
/usr/bin/sudo: /etc/sudoers is mode 0440, should be 0640
and when I chmod 0640 /etc/sudoers as root , admin
Hi Richard
I can solve the problem only admin need use this command :"sudo ud" and
then everything will be OK.
Thank you very much for your guidance .
-by
-Sophia
Richard Higson wrote:
On Tue, Jan 20, 2004 at 01:10:19PM +0330, Alikhani wrote:
Date: Tue, 20 Jan 2004 13:10:19 +0330
From
On Wed, Jan 21, 2004 at 08:12:50AM +0330, Alikhani wrote:
> Date: Wed, 21 Jan 2004 08:12:50 +0330
> From: Alikhani <[EMAIL PROTECTED]>
> Subject: Re: sudo
> To: [EMAIL PROTECTED]
>
> Hi Rechard,
>
> Thank you very much for your guidance. I did something you said ,b
Hi Dear Richard
Wow , you said exactly correct , I have to sudo one in
/usr/local/bin/sudo and another /usr/bin/sudo
when I use: "echo $PATH " with admin , it says:
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games/bin:/usr/games:/opt/gnome/bin:/opt/kde2/bin:.
/usr/
SuSE sudo levels
We are working on a project to consolidate Linux userid management. We are
moving our Linux Users from each Linux Guest and will manage them using
CA-ACF2 and PAM. However we ran into a slight problem. We use sudo to
control root access and then define the privileged users to
Is it "sue dough" (like pseudo) or "sue do"? I always did the latter, but
people around here seem to like the first. And I get confused (as usual)
as to whether they mean "sudo" or "pseudo".
--
Q: What do theoretical physicists drink beer fro
(rant on)I am trying to protect the system from an incompetent manager making a
bad decision about an operator(rant off).
Anyway so the operator doen't have to log into root I'm trying to setup
sudo to perform several commands.
To shorten the keying I have setup cmnd alias ,but whe
Is there any way to limit what processes someone could kill when using
Sudo?
Our websphere administrator wants the authority to kill a hung java thread
should the need arise, and he wants the root password. I do not want to and
will not give it to him. I am being directed by my management to
Anyone else picked up on this ?
http://www.groklaw.net/article.php?story=2009094923390
No wonder everyone cheered when the lawyer got eaten in the original
Jurassic Park.
Shane ...
--
For LINUX-390 subscribe / signoff / arch
Peter E. Abresch Jr. - at Pepco wrote:
SuSE sudo levels
We are working on a project to consolidate Linux userid management. We are
moving our Linux Users from each Linux Guest and will manage them using
CA-ACF2 and PAM.
Interesting; I'm about to embark on the same process.
However we ran
Mark Post wrote:
SLES9 SP4 is well under way. I can't find the RPMs associated with it right
now, so I can't tell if the version of sudo will be newer or not. I suspect it
will not be newer. If you download sudo from source and compile it yourself,
it will void support for sud
>>> On Fri, Nov 30, 2007 at 9:31 AM, in message
<[EMAIL PROTECTED]>, "Peter
E. Abresch Jr. - at Pepco" <[EMAIL PROTECTED]> wrote:
-snip-
> Here is the problem, we are running the following guests:
>
> SuSE SLES10x SP1 Kernel 2.6.16.53-0.18-default wit
The latter.
John McKown wrote:
Is it "sue dough" (like pseudo) or "sue do"? I always did the latter, but
people around here seem to like the first. And I get confused (as usual)
as to whether they mean "sudo" or "pseudo".
--
Q: What do theoretical
Considering that sudo stands for super user "do" (or substitute user
do), I agree it would definitely be the latter.
-Sam
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Rich Smrcina
Sent: Wednesday, September 24, 2008 10:09 AM
To:
390@VM.MARIST.EDU
Subject: curiosity: pronouncing "sudo"
Is it "sue dough" (like pseudo) or "sue do"? I always did the latter,
but
people around here seem to like the first. And I get confused (as usual)
as to whether they mean "sudo" or "pseudo".
--
e to note that the SU part comes directly from the
utility sudo is intended to replace: su
That command has been pronounced 'Es You' by everyody I have ever
heard pronounce it, so perhaps it's 'Es You Do' though that also
sounds an awful lot like Ef You Dude.
Ultimately I think i
LOL, I have never seen so many "pronunciations" is so few words.
K
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Erik N Johnson
Sent: Wednesday, September 24, 2008 10:38 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing &qu
er
> to use a psuedonym (I realize this is something of a stretch)
> It is also worthwhile to note that the SU part comes directly from the
> utility sudo is intended to replace: su
> That command has been pronounced 'Es You' by everyody I have ever
> heard pronounce it, s
> Ultimately I think it's really more 'tuh-MAY-toe' vs. 'tuh-MAH-toe'.
Oh, let's call the whole thing off...8-)
--d b
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the m
Yeah, but was your Russian friend really meaning "Lee NUKES"?
LOL
K
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Douglas Wooster
Sent: Wednesday, September 24, 2008 11:07 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing
On Wed, 2008-09-24 at 09:37 -0500, Erik N Johnson wrote:
> So the 'correct' pronounciation of
> Linux should technically be 'LEE-nukes'
>From the Man himself: http://www.jx90.com/linux.html
--
For LINUX-390 subscribe / signoff /
AM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: curiosity: pronouncing "sudo"
>
> On 09/24/2008 10:37:33 AM, Erik N Johnson wrote:
> > It is an interesting question. The fact o the matter is that Linux is
> > named after Linus Torvalds. The predominant pronoun
X-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing "sudo"
On Wed, 2008-09-24 at 09:37 -0500, Erik N Johnson wrote:
> So the 'correct' pronounciation of
> Linux should technically be 'LEE-nukes'
>From the
> -Original Message-
> From: Linux on 390 Port On Behalf Of Evans, Kevin R
>
> Damn, Lockheed's firewall systems are getting ridiculous in
> the sites that they ban us from going to, including this one.
Your "net nanny" must be similar to ours. E.g., we can go to Dilbert,
but not Doones
John McKown wrote:
Is it "sue dough" (like pseudo) or "sue do"? I always did the latter, but
people around here seem to like the first. And I get confused (as usual)
as to whether they mean "sudo" or "pseudo".
I've always used the former, and
Douglas Wooster wrote:
Well put. I have a Russian friend whom I think says 'LEE-nukes'.
Given recent developments in Georgia and other places, I'd steer clear
of him:-)
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http:/
> On 09/24/2008 11:15:42 AM, Evans, Kevin R asked:
> > Yeah, but was your Russian friend really meaning "Lee NUKES"?
> Not unless he was planning to take shameless advantage of the guy --
he
> said things like "use LEE-nukes". :)
> Hm. Maybe I should ask the pres. of the Rexx Language Associatio
oth pronounciations and arguments for each. It is true
that it stands for Substitute-User DO but it is also allowing a user
to use a psuedonym (I realize this is something of a stretch)
It is also worthwhile to note that the SU part comes directly from the
utility sudo is intended to replace: su
> Some of you will have heard of CICS?
> Here, in .au, it's generally pronounced "Kicks."
Well if it was pronounced the other some people would confuse it with
vi...
Alan
--
For LINUX-390 subscribe / signoff / archive access ins
Certainly NOT the way us Brits do!
LOL
K
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
John Summerfield
Sent: Wednesday, September 24, 2008 12:07 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing "sudo"
John McKown wrot
LINUX-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing "sudo"
> -Original Message-
> From: Linux on 390 Port On Behalf Of Evans, Kevin R
>
> Damn, Lockheed's firewall systems are getting ridiculous in
> the sites that they ban us from going to, including
ou will be assimilated. Resistance is futile.
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
John McKown
Sent: Wednesday, September 24, 2008 06:45
To: LINUX-390@VM.MARIST.EDU
Subject: curiosity: pronouncing "sudo"
Is it "sue dough" (lik
erator doen't have to log into root I'm trying to setup
> sudo to perform several commands.
> To shorten the keying I have setup cmnd alias ,but when I try to execute
> the alias i get command not found.
> So here is my sudo file:
> Host_Alias IMAGE1 = xx.xx.xx.xxx
>
But when I sudo SHUTL2 I get:
sudo: SHUTL2: command not found
Mace
--- On Thu, 9/25/08, Scott Rohling <[EMAIL PROTECTED]> wrote:
> From: Scott Rohling <[EMAIL PROTECTED]>
> Subject: Re: question about sudo
> To: LINUX-390@VM.MARIST.EDU
> Date: Thursday, September 25, 200
Ah - well - the alias isn't for the 'sudo' command itself -- it's just for
sudoers...The alias will resolve into the list of commands -- you don't
actually get to use it on the command line. It's just a vehicle to help
you code sudoers more efficiently - no
now I see said the blind man.
I was hoping to make it very,very simple
Mace
--- On Thu, 9/25/08, Scott Rohling <[EMAIL PROTECTED]> wrote:
> From: Scott Rohling <[EMAIL PROTECTED]>
> Subject: Re: question about sudo
> To: LINUX-390@VM.MARIST.EDU
> Date: Thur
25, 2008 at 9:33 AM, Scott Rohling <[EMAIL PROTECTED]>wrote:
> Ah - well - the alias isn't for the 'sudo' command itself -- it's just for
> sudoers...The alias will resolve into the list of commands -- you don't
> actually get to use it on the command l
You know I've read a lot on sudo but this was never explained so well or if it
was I missed it.
You have turned on another light.
Thanks Scott
Mace
--- On Thu, 9/25/08, Scott Rohling <[EMAIL PROTECTED]> wrote:
> From: Scott Rohling <[EMAIL PROTECTED]>
> Subject: Re: q
> now I see said the blind man.
> I was hoping to make it very,very simple
Suggestion: Write some small scripts with the command names you want,
stash them somewhere, and have the aliases call those scripts. You can
then authorize appropriately in sudoers. Also lets it warn you when J
LJ Mace wrote:
(rant on)I am trying to protect the system from an incompetent manager making a
bad decision about an operator(rant off).
Anyway so the operator doen't have to log into root I'm trying to setup
sudo to perform several commands.
To shorten the keying I have setup cmnd
able to execute (maybe not list the directory,
and certainly not list the contents of files).
Review whether apparmour or selinux can assist with securing access;
note that once the user's said "sudo" they are root, but maybe the
security can see that it's operator who's
Erik N Johnson wrote:
It is an interesting question. The fact o the matter is that Linux is
named after Linus Torvalds. The predominant pronounciations of Linux
are: 'LINE-ix' and 'LI-nucks', but the name Linus (in Helsinki at any
rate) is pronounced 'LEE-noose'. So the 'correct' pronounciatio
I just turned insults on to see what was said. You are correct John a little
bit of that goes a LONG way.
thanks
Mace
--- On Thu, 9/25/08, John Summerfield <[EMAIL PROTECTED]> wrote:
> From: John Summerfield <[EMAIL PROTECTED]>
> Subject: Re: question about sudo
> To: LI
LJ Mace wrote:
I just turned insults on to see what was said. You are correct John a little
bit of that goes a LONG way.
Don't shoot yourself in the foot:-)
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org
Shawn Wells wrote:
Erik N Johnson wrote:
It is an interesting question. The fact o the matter is that Linux is
named after Linus Torvalds. The predominant pronounciations of Linux
are: 'LINE-ix' and 'LI-nucks', but the name Linus (in Helsinki at any
rate) is pronounced 'LEE-noose'. So the 'co
On 09/26/2008 09:03:54 AM, John Summerfield wrote:
> Shawn Wells wrote:
> > Erik N Johnson wrote:
> >> It is an interesting question. The fact o the matter is that Linux
is
> >> named after Linus Torvalds. The predominant pronounciations of Linux
> >> are: 'LINE-ix' and 'LI-nucks', but the name L
I suppose if you listen carefully you hear: LEE-nooks but then not
everybody will necessarily agree on how to pronounce what I just
wrote. The whole point is that whether you say tuh-MAY-toe or
tuh-MAH-toe everybody still knows what you mean. As computational
linguistics (and common sense) tells
>>> On 9/26/2008 at 8:32 PM, in message
<[EMAIL PROTECTED]>, Erik N Johnson
<[EMAIL PROTECTED]> wrote:
-snip-
> Upon realization of that fact,
> further argument on the point would seem pedantic and obtuse.
That describes about 95% of the people in the IT industry, which is why
discussions such
X-390@VM.MARIST.EDU
Subject: Re: curiosity: pronouncing "sudo"
>>> On 9/26/2008 at 8:32 PM, in message
<[EMAIL PROTECTED]>, Erik N
Johnson
<[EMAIL PROTECTED]> wrote:
-snip-
> Upon realization of that fact,
> further argument on the point would seem pedantic and obtuse.
And here I just thought we were enjoying a little silliness. :)
Douglas
Linux on 390 Port wrote on 09/28/2008 04:55:28
PM:
> [image removed]
>
> Re: [LINUX-390] curiosity: pronouncing "sudo"
>
> Mark Post
>
> to:
>
> LINUX-390
>
> 09/28/2008
wrote:
> And here I just thought we were enjoying a little silliness. :)
>
> Douglas
>
> Linux on 390 Port wrote on 09/28/2008 04:55:28
> PM:
>
>> [image removed]
>>
>> Re: [LINUX-390] curiosity: pronouncing "sudo"
>>
>> Mark Post
>>
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
James Melin wrote:
| Is there any way to limit what processes someone could kill when using
| Sudo?
|
| Our websphere administrator wants the authority to kill a hung java thread
| should the need arise, and he wants the root password. I do not want
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
create a script to kill the specific process (where the script checks, if
the process to kill belongs to websphere) and define a sudo configuration
to regulate access to this script.
Regards,
Juergen Friedrichs
PGP Fingerprint: 15B9 DF14 12EA 96C7
> -Original Message-
> From: James Melin [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 13, 2005 02:02 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: SUDO access granularity
>
> Is there any way to limit what processes someone could kill when using
> Sudo?
>
&g
On Thu, Nov 12, 2009 at 9:28 AM, Shane wrote:
> Anyone else picked up on this ?
> http://www.groklaw.net/article.php?story=2009094923390
Now I understand. Once they have the right to "sudo" they will not
require every windoze user to have administrator privileges for their
> -Original Message-
> From: Linux on 390 Port On Behalf Of Shane
>
> Anyone else picked up on this ?
> http://www.groklaw.net/article.php?story=2009094923390
>
> No wonder everyone cheered when the lawyer got eaten in the original
> Jurassic Park.
My "cynical" take on software in ge
On Thursday 12 November 2009 07:00:33 Chase, John wrote:
>
> My "cynical" take on software in general:
>
> 1. All software ultimately is a set of mathematical expressions.
> 2. Mathematical expressions are "facts".
> 3. "Facts" are not patentable.
>
> -jc-
Or, conversely, taking the
> -Original Message-
> From: Linux on 390 Port On Behalf Of Leslie Turriff
>
> On Thursday 12 November 2009 07:00:33 Chase, John wrote:
> >
> > My "cynical" take on software in general:
> >
> > 1. All software ultimately is a set of mathematical expressions.
> > 2. Mathematical expressio
I've got 2+2=4 locked in myself :-)
Scott
On Thu, Nov 12, 2009 at 7:45 AM, Chase, John wrote:
> > -Original Message-
> > From: Linux on 390 Port On Behalf Of Leslie Turriff
> >
> > On Thursday 12 November 2009 07:00:33 Chase, John wrote:
> > >
> > > My "cynical" take on software in ge
Sheesh
I thought everyone knew that Al Gore invented "sudo".
Bill Reed
CSC ITS-EPA Team (Excel Management Systems)
Supporting the Environmental Protection Agency
Research Triangle Park, North Carolina
Phone: 919-767-7257
Fax: 919-406-2602
Email: reed.b.
Scott writes:
> I've got 2+2=4 locked in myself :-)
Isn't that this a specific case, and your patent really is of "+" ?
--henry schaffer
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists
On Thu, Nov 12, 2009 at 4:00 PM, Bill Reed wrote:
> I thought everyone knew that Al Gore invented "sudo".
No, he invented Global Warming (to help those who must smoke outside)
--
For LINUX-390 subscribe / sign
> -Original Message-
> From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On
> Behalf Of Bill Reed
> Sent: Thursday, November 12, 2009 9:00 AM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: M$oft patents "sudo"
>
> Sheesh
>
> I thought e
He was not speaking literately, but AlGorecally!
--- allan.stal...@kbm1.com wrote:
From: "Staller, Allan"
To: LINUX-390@VM.MARIST.EDU
Subject: Re: M$oft patents "sudo"
Date: Thu, 12 Nov 2009 09:13:31 -0600
Groan! Would you quit PUNishing us!
No, Al invented all music
Groan! Would you quit PUNishing us!
No, Al invented all music software. What? You never heard of
AlGoreRythm?
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the mess
On 11/12/09 9:32 AM, "Leslie Turriff" wrote:
-jc-
> Or, conversely, taking the pessimistic case:
>
> 1. All software ultimately is a set of mathematical expressions.
> 2. All software is patentable (per present thinking).
> 3. Therefore, all mathematical expressions are patentable.
Although
cc
Subject
Re: M$oft patents "sudo"
11/12/2009 08:47
AM
Please respond to
Linux on 390 Port
I've got 2+2=4 l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Shane wrote:
> Anyone else picked up on this ?
> http://www.groklaw.net/article.php?story=2009094923390
>
For whatever it's worth, attached is Todd Miller's (primary sudo
developer) response to the MS patent news.
- --
: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
bruce.light...@its.ms.gov
Sent: Thursday, November 12, 2009 11:38 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: M$oft patents "sudo"
I am aiming for 1+1=10 all your logic gates are mine !!
However 10 + 10 = 32. I've got that one cornered!
Edward Long
From: William D Carroll
To: LINUX-390@VM.MARIST.EDU
Sent: Thu, November 12, 2009 1:12:18 PM
Subject: Re: M$oft patents "sudo"
I can see 1+1=11 because we all know since Scott hold
I'm going for the patent on the space character -- a small pittance
every time someone puts a space between words would make me very happy !
sooni'llbekingoftheworldbwahhahaha
--
For LINUX-390 subscribe / signoff / archive acces
Privilege escalation? M$oft must finally have decided to copy what
viruses do on Windows.
Windows attracts malware like trailer parks attract tornadoes...
On Thu, Nov 12, 2009 at 3:28 AM, Shane wrote:
> Anyone else picked up on this ?
> http://www.groklaw.net/article.php?story=2009094923390
bruce.light...@its.ms.gov wrote:
I am aiming for 1+1=10 all your logic gates are mine !!
I'll take these:
1 OR 1 = 1
1 OR 0 = 1
0 OR 1 = 1
0 OR 0 = 0
--
Cheers
John
-- spambait
1...@coco.merseine.nu z1...@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.
Just curious...will SUDO work for ALL zLinux admin tasks (SuSE and Redhat)
?
Or, is root ID needed for certain tasks?
Thanks,
Dave
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL
7;su to another user' and the audit trail seems
to be lost. Has anyone solved this issue?
# env | grep mike
USER=mike
...
# sudo -i
mike's password:
# env | grep mike
SUDO_USER=mike
# su - zadmin
env | grep mike
Please don't say just don't allow root to su to another user -
If you give your system administrators the ability to "sudo su - " then
absolutely. Most, if not all of the tasks I've ever needed to execute
on SUSE and Red Hat via their tools prompt for the root password if
you're not logged in as root. That's just about as good, sin
And you can bypass the password with the "NOPASSWD: ALL" option in the
/etc/sudoers file.
Handy for quick hcp queries, commands, etc.
Just doing a "su" command (e.g. not "sudo su"), and the root password needs
to be entered, in this case.
Doug Ponte
-Origin
> -Original Message-
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On
> Behalf Of Post, Mark K
> Sent: Tuesday, June 07, 2005 12:33 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Will SUDO work for every admin task?
>
>
> If you give your system ad
Probably nothing, if root's default shell is bash.
Mark Post
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
McKown, John
Sent: Tuesday, June 07, 2005 2:09 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Will SUDO work for every admin task?
-snip-
Wh
Right, unless you are using csh or some other shell at the time.
Also, you can bypass the password with the "NOPASSWD: ALL" option in the
/etc/sudoers file.
Sudo is always handy for quick hcp queries, commands, etc.
If just using the "su" command (e.g. not "sudo su&
On Tue, Jun 07, 2005 at 11:06:33AM -0600, Dave Myers wrote:
> Just curious...will SUDO work for ALL zLinux admin tasks (SuSE and Redhat)
> ?
> Or, is root ID needed for certain tasks?
I haven't encountered anything that can't be done via sudo.
There are poorly written scripts
We use sudo also to get a logging of all system activities performed,
so we try to stay away from 'sudo su -' or running private shell
scripts under sudo. One of the gotchas I ran into is starting and
stoppping of services, but you can do that as
sudo su -c '/etc/init.d/named r
On Mon, Dec 19, 2016 at 3:12 PM, Michael MacIsaac
wrote:
> # env | grep mike
> USER=mike
> ...
> # sudo -i
> mike's password:
> # env | grep mike
> SUDO_USER=mike
> # su - zadmin
> env | grep mike
>
>
> Please don't say just don't allow root
Christian,
Thanks for the quick reply. That is good input.
-Mike
On Mon, Dec 19, 2016 at 9:28 AM, Christian Ehrhardt <
christian.ehrha...@canonical.com> wrote:
> On Mon, Dec 19, 2016 at 3:12 PM, Michael MacIsaac
> wrote:
>
> > # env | grep mike
> > USER
Mike, is this distro dependent or does it affect all distros?
Thanks,
Steve
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael
MacIsaac
Sent: Monday, December 19, 2016 9:12 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Root, sudo, su and preserving
nks,
> Steve
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of
> Michael MacIsaac
> Sent: Monday, December 19, 2016 9:12 AM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Root, sudo, su and preserving audit trail
>
> Hi,
>
> We
if it's still around or not. But, something like that is going to be
necessary to accomplish a really good audit trail.
One possibility to do exactly what you asked for, that you didn't mention was
that instead of the root user using su, the scripting (or users) could have
root us
While sudo is certainly better than sharing a password, it isn't like Mark
said, going to provide you with a good audit trail.
If someone managed to get root access on your server to do something malicious,
you can bet they also know how to remove the audit trail if it's on that s
y good audit trail.
>
> One possibility to do exactly what you asked for, that you didn't mention
> was that instead of the root user using su, the scripting (or users) could
> have root use sudo instead. Also, I don't know if you've tried it o
ronment variable SUDO_USER.
The concept "su to root" takes a couple different forms.
You can 'su' to root from (e.g.) mike if you know the password.
(Password maint is a pain, but let's not open that can-o-worms just
yet.) Clearly you want to use 'sudo' instead. Go
browser. We
then have AUTHENTICATE_UID or REMOTE_USER set. The user is passed on from
our scripts that perform operations. I'm not sure how that can be
circumvented, at least from the Web. It's SSH sessions that are trickier.
> Both 'su' and 'sudo' are logged.
Yes, of course
the environment may ("does"?, or at least "should")
provide some of the audit you're looking for.
It's the SSH sessions, or any shell/command sessions, where I'd say
"don't
f you use certificates, it prints
the name embedded in it. Obviously it does not work with shared secrets
like passwords. So there is a way to trace connections back to a user
even if a target account is shared among multiple ones.
> Both 'su' and 'sudo' are logged. That'
Might be of interest to folks here..
https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
DJ
--
DAVID JONES | MANAGING DIRECTOR FOR ZSYSTEMS SERVICES | z/VM, Linux, and
Cloud
703.237.7370 (Office) | 281.578.7544 (CELL)
INFORMATION TECHNOLOGY COMPANY
Blind? That's Exodus in reverse, and it's the most iconic phrase God
has ever spoken. Listen. Let there be light.
HTTP://REVOLUTION.WHENISTHEAPOCALYPSE.COMl
This is a message about freedom--delivering true universal voting,
indicating a number of technologies that have been hidden, and yet
rec
98 matches
Mail list logo
