You know I've read a lot on sudo but this was never explained so well or if it was I missed it. You have turned on another light. Thanks Scott Mace
--- On Thu, 9/25/08, Scott Rohling <[EMAIL PROTECTED]> wrote: > From: Scott Rohling <[EMAIL PROTECTED]> > Subject: Re: question about sudo > To: [email protected] > Date: Thursday, September 25, 2008, 11:42 AM > To further explain -- you would normally use an alias in > sudoers to point > to a list of commands ... > > Cmnd_Alias OPCMDS = /opt/scripts/cmsshutdown.sh, > /sbin/shutdown -h now, > /sbin/shutdown -r now > > Then use that allias throughout the sudoers file: > > oper1 ALL=OPCMDS > > Scott Rohling > > > > On Thu, Sep 25, 2008 at 9:33 AM, Scott Rohling > <[EMAIL PROTECTED]>wrote: > > > Ah - well - the alias isn't for the 'sudo' > command itself -- it's just for > > sudoers... The alias will resolve into the list of > commands -- you don't > > actually get to use it on the command line. It's > just a vehicle to help > > you code sudoers more efficiently - not to provide an > alias when you issue > > commands. Make sense? > > > > Scott Rohling > > > > > > On Thu, Sep 25, 2008 at 9:22 AM, LJ Mace > <[EMAIL PROTECTED]> wrote: > > > >> But when I sudo SHUTL2 I get: > >> sudo: SHUTL2: command not found > >> Mace > >> > >> > >> --- On Thu, 9/25/08, Scott Rohling > <[EMAIL PROTECTED]> wrote: > >> > >> > From: Scott Rohling > <[EMAIL PROTECTED]> > >> > Subject: Re: question about sudo > >> > To: [email protected] > >> > Date: Thursday, September 25, 2008, 11:06 AM > >> > Isn't that what you want to see? The > resolution of all > >> > the aliases and the > >> > final result? That's what I'd want > to see - > >> > sanity check to make sure the > >> > aliases are resolving... And in this case > it looks like > >> > SHUTL2 is > >> > resolving but CMSDOWN is not.. > >> > > >> > Scott Rohling > >> > > >> > (resending -- for some reason my reply just > went directly > >> > to ljmace the > >> > first time) > >> > > >> > On Thu, Sep 25, 2008 at 8:53 AM, LJ Mace > >> > <[EMAIL PROTECTED]> wrote: > >> > > >> > > (rant on)I am trying to protect the > system from an > >> > incompetent manager > >> > > making a bad decision about an > operator(rant off). > >> > > Anyway so the operator doen't have > to log into > >> > root I'm trying to setup > >> > > sudo to perform several commands. > >> > > To shorten the keying I have setup cmnd > alias ,but > >> > when I try to execute > >> > > the alias i get command not found. > >> > > So here is my sudo file: > >> > > Host_Alias IMAGE1 = xx.xx.xx.xxx > >> > > # User alias specification > >> > > User_Alias IMAGEUSR1= oper1 > >> > > # Cmnd alias specification > >> > > Cmnd_Alias SHUTL2 = /sbin/shutdown -r > 0 > >> > > Cmnd_Alias CMSDOWN = > /opt/scripts/cmsshutdown.sh > >> > > # Defaults specification > >> > > Defaults targetpw,insults # ask for > the password of > >> > the target user i.e. > >> > > root > >> > > %users ALL=(ALL) ALL # WARNING! Only use > this together > >> > with 'Defaults > >> > > targetpw'! > >> > > > >> > > # User privilege specification > >> > > # You should not use sudo as root in an > SELinux > >> > environment > >> > > # If you use SELinux, remove the > following line > >> > > root ALL=(ALL) ALL > >> > > oper1 ALL=/sbin/shutdown -h > now,!/usr/bin/passwd root, > >> > !/bin/rm, \ > >> > > SHUTL2, CMSDOWN > >> > > # Uncomment to allow people in group > wheel to run all > >> > commands > >> > > # %wheel ALL=(ALL) ALL > >> > > > >> > > # Same thing without a password > >> > > # %wheel ALL=(ALL) > NOPASSWD: ALL > >> > > > >> > > I've done the sudo -K to bring in > the changes but > >> > when I do a > >> > > sudo -l I get: > >> > > > >> > > User oper1 may run the following > commands on this > >> > host: > >> > > (ALL) ALL > >> > > (root) /sbin/shutdown -h now > >> > > (root) !/usr/bin/passwd root > >> > > (root) !/bin/rm > >> > > (root) /sbin/shutdown -r 0 > >> > > Why is it showing the commands and not > the alias? > >> > > thanks > >> > > Mace > >> > > > >> > > > >> > > ---------------------------------------------------------------------- > >> > > For LINUX-390 subscribe / signoff / > archive access > >> > instructions, > >> > > send email to [EMAIL PROTECTED] > with the message: > >> > INFO LINUX-390 or > >> > > visit > >> > > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > >> > > > >> > > >> > > ---------------------------------------------------------------------- > >> > For LINUX-390 subscribe / signoff / archive > access > >> > instructions, > >> > send email to [EMAIL PROTECTED] with the > message: INFO > >> > LINUX-390 or visit > >> > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > >> > >> > ---------------------------------------------------------------------- > >> For LINUX-390 subscribe / signoff / archive access > instructions, > >> send email to [EMAIL PROTECTED] with the > message: INFO LINUX-390 or > >> visit > >> http://www.marist.edu/htbin/wlvindex?LINUX-390 > >> > > > > > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access > instructions, > send email to [EMAIL PROTECTED] with the message: INFO > LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
