On Sun, May 27, 2012 at 5:54 AM, Denis Witt
wrote:
> Hi again,
>
> I came up with this now:
>
> cat /usr/local/bin/adm.sh
Having access to chown and chmod is not secure:
cbell@circe:~$ cp /bin/dash .
cbell@circe:~$ sudo ./adm.sh chown root:root ./dash
Change ownership root:root ./dash
cbell@circ
On Fri, May 25, 2012 at 9:02 PM, Richard Hector wrote:
> On 26/05/12 01:43, Tom H wrote:
>> * apt-get install but not remove
>>>
>>> >
>>> > IMO this is possible by setting whole command "apt-get options *" in
>>> > sudoers, but i never tried this. I have on one my server this:
>>> >
And hi again,
as listed below I'm using 'mail_always' in my sudoers list. Also I will receive
all commands executed using sudo by mail.
servername : May 27 12:59:20 : sudotest : TTY=pts/1 ; PWD=/home/sudotest ;
USER=root ; COMMAND=/usr/local/bin/adm.sh install apache2
Unfortunately I'm not abl
Hi again,
I came up with this now:
cat /usr/local/bin/adm.sh
-
#!/bin/bash
case $1 in
install)
echo "Install $2"
apt-get install $2
exit 0
;;
restart)
echo "Restart
On 26/05/12 01:43, Tom H wrote:
>> * apt-get install but not remove
>
> IMO this is possible by setting whole command "apt-get options *" in
> sudoers, but i never tried this. I have on one my server this:
>
> User_AliasEJABBER = snmp, www-data
> ...
> EJABBER ALL=(ejabberd) NOPASSWD:
On Vi, 25 mai 12, 09:43:07, Tom H wrote:
>
> They'll also need to use "apt-get update".
On a stable machine updates triggered by cron-apt (or friends) might be
enough.
Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinf
On Fri, May 25, 2012 at 6:31 AM, Slavko wrote:
> Dňa Fri, 25 May 2012 10:13:05 +0200 Denis Witt
> napísal:
>> * editing of php.ini
>
> it is possible to set in /etc/sudoers whole command line (with file name),
> but see bellow. Try tweak unix group memberships for this.
>>
>> * some editors
>
>
On Fri, May 25, 2012 at 5:54 AM, Regendoerp, Achim
wrote:
>
> Having a quick google look, perhaps this could be a solution for your problem:
>
> http://www.unix.com/unix-advanced-expert-users/39736-sudoer-file-controlling-parameters.html
I'd put the scripts in "/usr/local/{,s}bin" rather than in
On Fri, May 25, 2012 at 4:13 AM, Denis Witt
wrote:
>
> we're running a server for a german bank. Of course we want to keep our
> services secure. A partner of us has to install a web based service (php,
> python and sql) on this machine. This partner will also be in charge in
> support and main
Hi,
i am not sudo expert, but consider my notes:
by default are all commands disabled. If you enable some command, then
other still will be disabled.
Dňa Fri, 25 May 2012 10:13:05 +0200 Denis Witt
napísal:
> * editing of php.ini
it is possible to set in /etc/sudoers whole command line (with f
On Fri, May 25, 2012 at 09:13:05AM BST, Denis Witt wrote:
> sudo su must be disabled of course, also /etc/sudoers must be write
> protected, even for root. This is no problem if you use chattr +i
> /etc/sudoers.
/etc/sudoers file is read only by default.
> But i think enable all commands and di
ian.org
> Subject: Configure sudo
>
> Hi List,
>
> we're running a server for a german bank. Of course we want to keep our
> services secure. A partner of us has to install a web based service (php,
> python and sql) on this machine. This partner will also be in charge in
&
Hi List,
we're running a server for a german bank. Of course we want to keep our
services secure. A partner of us has to install a web based service (php,
python and sql) on this machine. This partner will also be in charge in support
and maintenance of this software.
So he needs access to the
13 matches
Mail list logo
