Re: Sudo question

From: Bill Verzal (BVerzal@KOMATSUNA.COM)
Date: Mon Apr 19 2004 - 09:27:13 EDT

Rsh, not rsh.

BV
--------------------------------------------------------

"If everything is coming your way, then you are in the wrong lane"

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

             "Miller, Dave
             (I.S.)"
             <Dave.Miller@BHS. To
             ORG> aix-l@Princeton.EDU
             Sent by: IBM AIX cc
             Discussion List
             <aix-l@Princeton. Subject
             EDU> Re: Sudo question

             04/19/2004 08:20
             AM

             Please respond to
                  IBM AIX
              Discussion List
             <aix-l@Princeton.
                   EDU>

Thanks I'll look into rsh.
My original intent/question more specifically was to be able to allow
them to

cd /home/webserver/logs
ls
view somelog.file

Thanks.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Holger.VanKoll@SWISSCOM.COM
Sent: Monday, April 19, 2004 9:09 AM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

I doubt the original poster only wants to allow a "cd". Thats pointless.
If we knew what shell be achived, we could help better.

Meanwhile here is some guessing; allow sudo to call a restricted shell.
man Rsh

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Bill Thompson
Sent: Saturday, April 17, 2004 4:53 PM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

While "sudo sh" will work be aware that this will give the user running
this command full root access. He/she will be in a shell as
root - very dangerous.

sudo is a great tool for allowing access to commands a user does not
normally have rights to run but it does not replace Unix
permissions. i.e.: user "A" needs to be able to edit all of the files in
directory /foo/bar however, these files are owned by root.
There is no easy way to get sudo to do this. You would think configuring
something along the lines of "/bin/vi /foo/bar/*" would be
the answer and this will allow the user to edit said files, but it will
also allow the user to edit ANY file on the system. e.g.:
"sudo /bin/vi /foo/bar/../../etc/sudoers" will work just fine!

If anybody knows of a good way to do this (other than a wrapper script)
please share. I'd be very interested in seeing how other
people have solved this problem.

Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Co.

Contains Confidential and/or Proprietary Information
May Not Be Copied or Disseminated Without Express Consent of The
Goodyear Tire & Rubber Company.

AIX-L Archives: http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2

----- Original Message -----
From: "Michael Cheselka" <cheselka@LINUX.CACTUS.ORG>
Newsgroups: bit.listserv.aix-l
To: <aix-l@Princeton.EDU>
Sent: Saturday, April 17, 2004 10:04 AM
Subject:
Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Co.

Contains Confidential and/or Proprietary Information
May Not Be Copied or Disseminated Without Express Consent of The
Goodyear Tire & Rubber Company.

AIX-L Archives: http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2

----- Original Message -----
From: "Michael Cheselka" <cheselka@LINUX.CACTUS.ORG>
Newsgroups: bit.listserv.aix-l
To: <aix-l@Princeton.EDU>
Sent: Saturday, April 17, 2004 10:04 AM
Subject: Re: Sudo question

> No, sudo sets up a sub-shell, executes the command( in this case
> "cd"), and then exits upon the command's completion.
>
> You might want to sudo a shell( "sudo csh" or "sudo sh") and then cd
> while in the new shell or create a shell script and do the samething
> in the script.
>
> On Fri, Apr 16, 2004 at 02:02:03PM -0400, Miller, Dave (I.S.) wrote:
> > When I allow someone to cd /some/directory as root, with sudo, it
takes
> > the command, but
> > Does not make that directory current....Is there a way to do that?
> >
> > Thanks.
> --
> Michael R. M. Cheselka ryoohki@ryoohki.org
> Itsu Made Mo "Love & Peace" ryoohki@spymac.com
> http://www.cactus.org/~cheselka cheselka@cactus.org

> No, sudo sets up a sub-shell, executes the command( in this case
> "cd"), and then exits upon the command's completion.
>
> You might want to sudo a shell( "sudo csh" or "sudo sh") and then cd
> while in the new shell or create a shell script and do the samething
> in the script.
>
> On Fri, Apr 16, 2004 at 02:02:03PM -0400, Miller, Dave (I.S.) wrote:
> > When I allow someone to cd /some/directory as root, with sudo, it
takes
> > the command, but
> > Does not make that directory current....Is there a way to do that?
> >
> > Thanks.
> --
> Michael R. M. Cheselka ryoohki@ryoohki.org
> Itsu Made Mo "Love & Peace" ryoohki@spymac.com
> http://www.cactus.org/~cheselka cheselka@cactus.org

-----------------------------------------
CONFIDENTIALITY NOTICE: This email communication and any attachments may
contain confidential and privileged information for the use of the
designated recipients named above. If you are not the intended recipient,
you are hereby notified that you have received this communication in error
and that any review, disclosure, dissemination, distribution or copying of
it or its contents is prohibited. If you have received this communication
in error, please reply to the sender immediately or by telephone at (413)
794-0000 and destroy all copies of this communication and any attachments.
For further information regarding Baystate Health System's privacy policy,
please visit our Internet web site at http://www.baystatehealth.com.

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:50 EDT