RE: [opensuse] limit 'su' to a specific username
-----Original Message----- From: 'Patrick Shanahan' [mailto:paka@opensuse.org] Sent: Thursday, July 30, 2009 12:22 PM To: James D. Parra Subject: Re: [opensuse] limit 'su' to a specific username
The problem I see is that the user can 'sudo' commands as another user, however I am trying to get the user to actually be that other user. I don't see that functionality with sudo. Is there a way to have sudo 'su' to a specific user?
Thanks again,
Why are we off-list? what about: DESCRIPTION The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what). When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). The sudoers grammar will be described below in Extended Backus-Naur Form (EBNF). Don't despair if you don't know what EBNF is; it is fairly simple, and the definitions below are annotated. do you not understand Sudo give elevated priviledges to specific commands and specific locations to a *named* user. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~` The off-list reply was accidental. Perhaps I am not properly describing what I am trying to accomplish. What I want is to have is userA, userB, & userC, su to userZ, but not be able to su to anything else. All three users need to become userZ, have userZ's name at the prompt, and do all work as that user. Once they exit, they'll back at there original login names. In other words, I don't want the users issuing 'sudo' for every command they need to do as userZ. I hope this is a little clearer. Regards, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, 31 Jul 2009 05:09:06 James D. Parra wrote:
-----Original Message----- [...] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
The off-list reply was accidental.
Perhaps I am not properly describing what I am trying to accomplish. What I want is to have is userA, userB, & userC, su to userZ, but not be able to su to anything else. All three users need to become userZ, have userZ's name at the prompt, and do all work as that user. Once they exit, they'll back at there original login names.
In other words, I don't want the users issuing 'sudo' for every command they need to do as userZ.
I hope this is a little clearer.
Regards,
James
James, You could create a bash alias for 'su' that points to 'su userZ' so when the users run 'su' instead of just a simple 'su' command, bash replaces it with 'su userZ'. I think you'll probably have to set up the alias for each user. You probably don't want to set it globally or you'll never be able to su to another user yourself (I'm assuming you're the sysadmin and that you want to be able to su to users other than userZ e.g. root). Aliases are defined for each user in ~/.alias (but the catch is that users can normally edit their own .alias file themselves). If you want to set it globally then add it into /etc/bash.bashrc.local (but if you do this you will want to add an additional alias for 'su=su' in your own .alias file. YMMV as I'm not sure which takes precedence - experimentation will tell you. HTH. Rodney. -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
James D. Parra -
Rodney Baker