On Friday 26 May 2006 11:43, LJ Mace wrote:
> I need to create a logon that has root auth but I want the operator
> logging in as themselves not root. So I went to the sudoer file(I did some
> reading 1st) and created and added several entries those being:
>
>User_Alias OPERGRP = Oper01(in User_Alias)
>Oper01 ALL=(ALL) ALL,!/usr/bin/passwd root(in User privilege spec section)
> %OPERGRP ALL=(ALL) ALL(I placed this under the comment of
> %wheel.I guess its the user sped section)
>
> .
> The way the manual reads this should give Oper01 all auth that root has
> with the exception of changing roots password. But when i su - Oper01 and
> try to execute a command it get permission deined but if I do it from root
> it works. We are running sles9 sp3 . Can someone explain what I'm missing??
Your Oper01 user has to prefix the command with "sudo", as in:
sudo less /etc/shadow
in order to run a command as the superuser. The user's login shell does not
itself have any special permissions as a result of modifying the /etc/sudoers
file. What happens is that the sudo command runs as root because it has the
SetUID permission bit set. Sudo reads sudoers to decide if the command given
as its arguments should be allowed to run with root permissions or not.
- MacK.
-----
Edmund R. MacKenty
Software Architect
Rocket Software, Inc.
Newton, MA USA
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
