Hi again,
I came up with this now:
cat /usr/local/bin/adm.sh
-
#!/bin/bash
case $1 in
install)
echo Install $2
apt-get install $2
exit 0
;;
restart)
echo Restart
And hi again,
as listed below I'm using 'mail_always' in my sudoers list. Also I will receive
all commands executed using sudo by mail.
servername : May 27 12:59:20 : sudotest : TTY=pts/1 ; PWD=/home/sudotest ;
USER=root ; COMMAND=/usr/local/bin/adm.sh install apache2
Unfortunately I'm not
On Fri, May 25, 2012 at 9:02 PM, Richard Hector rich...@walnut.gen.nz wrote:
On 26/05/12 01:43, Tom H wrote:
* apt-get install but not remove
IMO this is possible by setting whole command apt-get options * in
sudoers, but i never tried this. I have on one my server this:
On Sun, May 27, 2012 at 5:54 AM, Denis Witt
denis.w...@concepts-and-training.de wrote:
Hi again,
I came up with this now:
cat /usr/local/bin/adm.sh
Having access to chown and chmod is not secure:
cbell@circe:~$ cp /bin/dash .
cbell@circe:~$ sudo ./adm.sh chown root:root ./dash
Change
Hi List,
we're running a server for a german bank. Of course we want to keep our
services secure. A partner of us has to install a web based service (php,
python and sql) on this machine. This partner will also be in charge in support
and maintenance of this software.
So he needs access to
to allow others only to restart
Apache.
Will have to double check though at a later point, no access to it from work
place...
-Original Message-
From: Denis Witt [mailto:denis.w...@concepts-and-training.de]
Sent: 25 May 2012 09:13
To: debian-user@lists.debian.org
Subject: Configure
On Fri, May 25, 2012 at 09:13:05AM BST, Denis Witt wrote:
sudo su must be disabled of course, also /etc/sudoers must be write
protected, even for root. This is no problem if you use chattr +i
/etc/sudoers.
/etc/sudoers file is read only by default.
But i think enable all commands and
Hi,
i am not sudo expert, but consider my notes:
by default are all commands disabled. If you enable some command, then
other still will be disabled.
Dňa Fri, 25 May 2012 10:13:05 +0200 Denis Witt
denis.w...@concepts-and-training.de napísal:
* editing of php.ini
it is possible to set in
On Fri, May 25, 2012 at 4:13 AM, Denis Witt
denis.w...@concepts-and-training.de wrote:
we're running a server for a german bank. Of course we want to keep our
services secure. A partner of us has to install a web based service (php,
python and sql) on this machine. This partner will also be
On Fri, May 25, 2012 at 5:54 AM, Regendoerp, Achim
achim.regendo...@galacoral.com wrote:
Having a quick google look, perhaps this could be a solution for your problem:
http://www.unix.com/unix-advanced-expert-users/39736-sudoer-file-controlling-parameters.html
I'd put the scripts in
On Fri, May 25, 2012 at 6:31 AM, Slavko li...@slavino.sk wrote:
Dňa Fri, 25 May 2012 10:13:05 +0200 Denis Witt
denis.w...@concepts-and-training.de napísal:
* editing of php.ini
it is possible to set in /etc/sudoers whole command line (with file name),
but see bellow. Try tweak unix group
On Vi, 25 mai 12, 09:43:07, Tom H wrote:
They'll also need to use apt-get update.
On a stable machine updates triggered by cron-apt (or friends) might be
enough.
Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
On 26/05/12 01:43, Tom H wrote:
* apt-get install but not remove
IMO this is possible by setting whole command apt-get options * in
sudoers, but i never tried this. I have on one my server this:
User_AliasEJABBER = snmp, www-data
...
EJABBER ALL=(ejabberd) NOPASSWD:
13 matches
Mail list logo