5

Change sudo defaults only for sudo -i

view full story
linux-howto

http://serverfault.com – At my site the typical sudoers setup has Defaults mail_always globally set so we can keep track of what the users are generally using sudo for (which should be very infrequent) and sort out fixing the permissions for common actions. This is disabled per role account that needs to execute things as root. We've shifted to a policy of discourage direct logins as role accounts for the purposes of auditing and preventing the role users from becoming "party accounts". Thus, we have a lot of logins as a regular user than then immediately invoke sudo -u <role account> -i. I would really like (HowTos)

dayu's picture
Submitted by dayu on 11/05/2012 – Made popular on 11/05/2012

Stories similar to Change sudo defaults only for sudo -i

Hello all,

I manage some HP-UX 11.31 servers. I have some users that have sudo access. All of them belong to the 'sudoers' user group.

How does the sudoers work? 37 weeks 5 days ago

During an installation, as usual, we create our main user account, and then we can do sudo commands with it without problem. Now, when I created another account, and I wanted to do sudo, it gave me error that the account is not in the sudoers file. In that file I found out that users in %admin and %sudo groups can gain root privileges.

sudo does not work. I have installed Arch onto a USB key, using BTRFS. The output of "sudo" is:

$ sudo sudo: unable to stat /etc/sudoers: Permission denied sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin

$ ls -l /etc/sudoers -r--r----- 1 root root 2849 May 18 15:00 /etc/sudoers

$ lsattr /etc/sudoers --------------- /etc/sudoers

$ strace -u ross sudo true

I change permissions the dir /etc , i can't execute sudo ...

sudo output :

Code: sudo: /etc/sudoers es escribible por todos sudo: no se encontraron fuentes sudoers válidas, saliendo sudo: no se puede inicializar la política de plugin As I can restore the folder with the correct permissions etc?

sorry for my bad English, I speak Spanish.

Sudo does not work in chroot 27 weeks 2 days ago

I would like to be able to use the sudo command in a chroot environment.

I start the chroot as follows:

chroot /debian-squeeze /bin/bash

Now I'm logged in as root in the chroot. I can do su user to log in as a user named user.

I have some non-privileged "role accounts" that need the ability to view [some of] the local syslogs (eg. /var/log/messages) for debugging purposes.

This is explicitly local log data, not remote syslog, logstash, etc. Obviously, there's several ways to address this issue.

I think this is a bug, but wanted to confirm here first.

I have two accounts on machine - first one was created when I built the machine and is part of sudo group.

Other account is coming from active directory, this account also has admin permissions - that is it can execute commands using sudo.

I've seen this question in different forms on various forums. Each time, the result never seems to be a full answer. I would like to prevent users from being able to sudo to root while maintaining the ability to sudo to other users. As tedious a task as this is I already know I can lock out editing the sudoers file and from running sudo bash|sh|etc.

I have installed Oracle 11g on fedora 14. I connected with SQL*Plus as 'SYS' and created some tables, then created a user named "account" and a role, "payroll" with the following privileges. I assigned the role to the "account" user but I cannot access the created tables when I log-in as "account".