[root@site14 ~]# visudo
Add these lines to the sudoers file:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
testone ALL=(ALL) ALL
Uncomment this line:
%wheel ALL=(ALL) ALL
[root@site14 ~]# useradd testone
[root@site14 ~]# passwd testone
Changing password for user testone.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@site14 ~]# su testone
[testone@site14 root]$ cd
[testone@site14 ~]$ service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: Users cannot control this device.
[FAILED]
rm: cannot remove `/var/lock/subsys/network': Permission denied
Bringing up loopback interface: Users cannot control this device.
[FAILED]
Bringing up interface eth0: [ OK ]
touch: cannot touch `/var/lock/subsys/network': Permission denied
[testone@site14 ~]$ service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: Users cannot control this device.
[FAILED]
rm: cannot remove `/var/lock/subsys/network': Permission denied
Bringing up loopback interface: Users cannot control this device.
[FAILED]
Bringing up interface eth0: [ OK ]
touch: cannot touch `/var/lock/subsys/network': Permission denied
Now try with the sudo command:
[testone@site14 ~]$ sudo service network restart
[sudo] password for testone:
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[testone@site14 ~]$ sudo service vncserver start
Starting VNC server: no displays configured [ OK ]
[testone@site14 ~]$
LIMIT PERMISSIONS TO SUDO USERS
[root@site14 testone]# useradd testtwo
[root@site14 testone]# passwd testtwo
Changing password for user testtwo.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@site14 testone]# visudo
Add the testtwo user with find and rm permissions in the sudoers file:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
testone ALL=(ALL) ALL
testtwo ALL=(root) /usr/bin/find, /bin/rm
[testone@site14 ~]$ su testtwo
Password:
[testtwo@site14 testone]$ cd
[testtwo@site14 ~]$ ll
total 0
[testtwo@site14 ~]$ touch abctest.txt
[testtwo@site14 ~]$ ll
total 0
-rw-rw-r-- 1 testtwo testtwo 0 May 14 20:10 abctest.txt
[testtwo@site14 ~]$ sudo service network restart
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for testtwo:
Sorry, user testtwo is not allowed to execute '/sbin/service network restart' as root on site14.local.
[testtwo@site14 ~]$ sudo service network restart
[sudo] password for testtwo:
Sorry, user testtwo is not allowed to execute '/sbin/service network restart' as root on site14.local.
When user testtwo tries to restart the service, it fails, because /sbin/service is not on that user's command list.
To allow it, add the service command to the testtwo entry in the sudoers file:
testtwo ALL=(root) /usr/bin/find, /bin/rm, /sbin/service
[testtwo@site14 ~]$ sudo service network restart
[sudo] password for testtwo:
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[testtwo@site14 ~]$
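To see which commands a sudoers entry actually grants before trusting it, the following added example (not part of the original post) parses a constructed sudoers excerpt that mirrors the entries above and reports, per user, what may be run as root and which rules are the blanket ALL. The function names and the SUDOERS_SAMPLE text are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example: inspect sudoers rules from a constructed excerpt and report
# what each user may run as root. Not the post's own code.

# Constructed sudoers excerpt mirroring the post's final entries.
SUDOERS_SAMPLE='## Allow root to run any commands anywhere
root ALL=(ALL) ALL
testone ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
testtwo ALL=(root) /usr/bin/find, /bin/rm, /sbin/service'

# sudoers_cmds USER -> print the command list of USER's rule (the part
# after "HOST=(RUNAS)"), skipping comment lines.
sudoers_cmds() {
    printf '%s\n' "$SUDOERS_SAMPLE" \
      | grep -v '^[[:space:]]*#' \
      | awk -v u="$1" '$1 == u { sub(/^[^=]*=\([^)]*\)[[:space:]]*/, ""); print }'
}

# sudoers_can_run USER CMD -> exit 0 if USER may run CMD as root, either
# because CMD is listed explicitly or because the rule grants ALL.
sudoers_can_run() {
    user=$1; cmd=$2
    sudoers_cmds "$user" \
      | tr ',' '\n' \
      | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
      | grep -qxF -e 'ALL' -e "$cmd"
}

# sudoers_unrestricted -> list users/groups whose rule is the blanket ALL,
# i.e. full root rather than a per-command grant.
sudoers_unrestricted() {
    printf '%s\n' "$SUDOERS_SAMPLE" \
      | grep -v '^[[:space:]]*#' \
      | awk '{ rule=$0; sub(/^[^=]*=\([^)]*\)[[:space:]]*/, "", rule); if (rule == "ALL") print $1 }'
}
```

On a real host, `visudo -c` checks the file syntax and `sudo -l -U testtwo` lists the effective rules for a user. A per-command list is only as tight as the commands on it: any entry that can itself launch other programs effectively grants full root, so prefer explicit arguments or a dedicated wrapper script for such cases.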