Mailinglist Archive: opensuse (3318 mails)

[Aaron Kulkis <akulkis00@xxxxxxxxxx>]

Dirk Moolman wrote:
> I am trying to setup sudo rights on a specific user (username: test), to
> use the command: useradd
>
> I have not used sudo before, and I played around with /etc/sudoers a
> bit, but I keep getting the error:
>
>       useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh
> test2
>       Cannot lock password file: already locked.
>
>
> My sudoers file looks like this currently:
>
> /etc/sudoers
>
> # create group LIMITEDTRUST with user test as a member
> User_Alias LIMITEDTRUST=test
> Cmnd_Alias PROGRAMS=/usr/sbin/useradd,/usr/bin/ksh
                                        ^^^^^^^^^^^^^

Are you crazy????
You realize that by giving a user sudo access to ANY
shell (or even an editor which can spawn a shell,
like vi), that you are giving the user permission to
run ANY program.



> # members in the group LIMITEDTRUST are allowed to use sudo only with
> the commands listed in cmnd alias PROGRAMS
>
> #LIMITEDTRUST ALL=PROGRAMS, NOPASSWD:PROGRAMS
> LIMITEDTRUST ALL = ALL
>
>
> I am using Suse SLES9.
>
> What do I need to do / change to get user "test" to be able to use
> "useradd" ?


Getting useradd to work is the least of your worries
at the moment -- Get that ksh command out of there,
or else you will find one of your systems TOTALLY
screwed up when some user discovers that you're
allowing them to run a shell as super-user (root).


-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx