Re: somewhat OT: sudo question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 9, 2010 at 10:44 PM, JD <jd1008@xxxxxxxxx> wrote:
>
> On 09/09/2010 07:38 PM, Tom H wrote:
>> On Thu, Sep 9, 2010 at 9:59 PM, JD<jd1008@xxxxxxxxx>  wrote:
>>> I tried it and I confirm that sudo is broken if
>>> the NOPASSWD: is followed by a list of commands.
>>> sudo will only allow the user to sudo the specified
>>> commands without a password.
>>> All other commands are blocked.
>>>
>>> I think you should open a bug at bugzilla.redhat.com
>> sudo will only allow what you specify "/etc/sudoers". If you only
>> specify "rajan ALL=(ALL) NOPASSWD: HIBERNATE", rajan will only be able
>> to use sudo to run a command in the HIBERNATE command alias. If rajan
>> wants to use sudo to run other commands (with or without a password),
>> he needs to add "rajan ALL=(ALL) ALL" to "/etc/sudoers".
> Two entries to achieve that?
> That's lame!

You might find it lame but I'm used to a multi-user environment where
we don't give everyone the same privileges and where we use
User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias to grant privileges
and we use multiple lines in sudoers instead of having what might be a
restricted case like "rajan ALL=(ALL) NOPASSWD: HIBERNATE, PASSWD:
ALL".
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux