Re: Configure sudo

2012-05-27 Thread Christofer C. Bell
On Sun, May 27, 2012 at 5:54 AM, Denis Witt wrote: > Hi again, > > I came up with this now: > > cat /usr/local/bin/adm.sh Having access to chown and chmod is not secure: cbell@circe:~$ cp /bin/dash . cbell@circe:~$ sudo ./adm.sh chown root:root ./dash Change ownership root:root ./dash cbell@circ

Re: Configure sudo

2012-05-27 Thread Tom H
On Fri, May 25, 2012 at 9:02 PM, Richard Hector wrote: > On 26/05/12 01:43, Tom H wrote: >>  * apt-get install but not remove >>> >>> > >>> >  IMO this is possible by setting whole command "apt-get options *" in >>> >  sudoers, but I never tried this. I have on one of my servers this: >>> >

Re: Configure sudo

2012-05-27 Thread Denis Witt
And hi again, as listed below I'm using 'mail_always' in my sudoers list. Also I will receive all commands executed using sudo by mail. servername : May 27 12:59:20 : sudotest : TTY=pts/1 ; PWD=/home/sudotest ; USER=root ; COMMAND=/usr/local/bin/adm.sh install apache2 Unfortunately I'm not abl

Re: Configure sudo

2012-05-27 Thread Denis Witt
Hi again, I came up with this now: cat /usr/local/bin/adm.sh - #!/bin/bash case $1 in install) echo "Install $2" apt-get install $2 exit 0 ;; restart) echo "Restart

Re: Configure sudo

2012-05-25 Thread Richard Hector
On 26/05/12 01:43, Tom H wrote: >> * apt-get install but not remove > > IMO this is possible by setting whole command "apt-get options *" in > sudoers, but I never tried this. I have on one of my servers this: > > User_Alias EJABBER = snmp, www-data > ... > EJABBER ALL=(ejabberd) NOPASSWD:

Re: Configure sudo

2012-05-25 Thread Andrei POPESCU
On Fri, 25 May 12, 09:43:07, Tom H wrote: > > They'll also need to use "apt-get update". On a stable machine updates triggered by cron-apt (or friends) might be enough. Kind regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinf

Re: Configure sudo

2012-05-25 Thread Tom H
On Fri, May 25, 2012 at 6:31 AM, Slavko wrote: > On Fri, 25 May 2012 10:13:05 +0200 Denis Witt > wrote: >> * editing of php.ini > > it is possible to set in /etc/sudoers the whole command line (with file name), > but see below. Try tweaking Unix group memberships for this. >> >> * some editors > >

Re: Configure sudo

2012-05-25 Thread Tom H
On Fri, May 25, 2012 at 5:54 AM, Regendoerp, Achim wrote: > > Having a quick Google look, perhaps this could be a solution for your problem: > > http://www.unix.com/unix-advanced-expert-users/39736-sudoer-file-controlling-parameters.html I'd put the scripts in "/usr/local/{,s}bin" rather than in

Re: Configure sudo

2012-05-25 Thread Tom H
On Fri, May 25, 2012 at 4:13 AM, Denis Witt wrote: > > We're running a server for a German bank. Of course we want to keep our > services secure. A partner of ours has to install a web-based service (PHP, > Python and SQL) on this machine. This partner will also be in charge of > support and main

Re: Configure sudo

2012-05-25 Thread Slavko
Hi, I am not a sudo expert, but consider my notes: by default all commands are disabled. If you enable some command, then the others will still be disabled. On Fri, 25 May 2012 10:13:05 +0200 Denis Witt wrote: > * editing of php.ini it is possible to set in /etc/sudoers the whole command line (with f

Re: Configure sudo

2012-05-25 Thread rjc
On Fri, May 25, 2012 at 09:13:05AM BST, Denis Witt wrote: > sudo su must be disabled of course, also /etc/sudoers must be write > protected, even for root. This is no problem if you use chattr +i > /etc/sudoers. /etc/sudoers file is read only by default. > But I think enable all commands and di

RE: Configure sudo

2012-05-25 Thread Regendoerp, Achim
Having a quick Google look, perhaps this could be a solution for your problem: http://www.unix.com/unix-advanced-expert-users/39736-sudoer-file-controlling-parameters.html I'm sure though you can specify the parameters used in the sudoers file, one of my (private) machines is set up in that way