Thank you that worked great. Now I have 1 more question. After I enter the command it asks for the password, I have to reply with the root password. Besides not authenticating(which I guess would be NOT having to enter a password) is there anyother way to do this?? thanks Mace "Edmund R. MacKenty" <[EMAIL PROTECTED]> wrote: On Friday 26 May 2006 11:43, LJ Mace wrote: > I need to create a logon that has root auth but I want the operator > logging in as themselves not root. So I went to the sudoer file(I did some > reading 1st) and created and added several entries those being: > >User_Alias OPERGRP = Oper01(in User_Alias) >Oper01 ALL=(ALL) ALL,!/usr/bin/passwd root(in User privilege spec section) > %OPERGRP ALL=(ALL) ALL(I placed this under the comment of > %wheel.I guess its the user sped section) > > . > The way the manual reads this should give Oper01 all auth that root has > with the exception of changing roots password. But when i su - Oper01 and > try to execute a command it get permission deined but if I do it from root > it works. We are running sles9 sp3 . Can someone explain what I'm missing??
Your Oper01 user has to prefix the command with "sudo", as in: sudo less /etc/shadow in order to run a command as the superuser. The user's login shell does not itself have any special permissions as a result of modifying the /etc/sudoers file. What happens is that the sudo command runs as root because it has the SetUID permission bit set. Sudo reads sudoers to decide if the command given as its arguments should be allowed to run with root permissions or not. - MacK. ----- Edmund R. MacKenty Software Architect Rocket Software, Inc. Newton, MA USA ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 --------------------------------- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
