[opensuse] sudo, and useradd
I am trying to setup sudo rights on a specific user (username: test), to use the command: useradd I have not used sudo before, and I played around with /etc/sudoers a bit, but I keep getting the error: useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 Cannot lock password file: already locked. My sudoers file looks like this currently: /etc/sudoers # create group LIMITEDTRUST with user test as a member User_Alias LIMITEDTRUST=test Cmnd_Alias PROGRAMS=/usr/sbin/useradd,/usr/bin/ksh # members in the group LIMITEDTRUST are allowed to use sudo only with the commands listed in cmnd alias PROGRAMS #LIMITEDTRUST ALL=PROGRAMS, NOPASSWD:PROGRAMS LIMITEDTRUST ALL = ALL I am using Suse SLES9. What do I need to do / change to get user "test" to be able to use "useradd" ? Dirk *** Disclaimer *** The information contained in this e-mail is confidential and legally privileged and is intended solely for the addressee and to others who have the authority to receive it. Access to this e-mail by anyone else is unauthorized and as such, any disclosure, copying, distribution or any action taken or omitted in reliance on it is unlawful. If you have received this e-mail in error, please notify the sender immediately. The views expressed in this e-mail are the views of the individual sender and should in no way be construed as the views of the Company. The Company is not liable to ensure that outgoing e-mails are virus-free. The Company is not liable, should information or data, for whatever reason, be corrupted or fail to reach its intended addressee. The Company is not liable for any loss or damage of whatsoever nature and howsoever arising resulting from the opening or the use of the information in this e-mail, including its attachments and links. The sender of this e-mail is subject to and bound by the terms and conditions of Company+IBk-s Electronic Communications Usage Policy. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 27 Dec 2007 15:53:11 +0200 "Dirk Moolman" <DirkM@agilitytech.co.za> wrote:
I am trying to setup sudo rights on a specific user (username: test), to use the command: useradd
I have not used sudo before, and I played around with /etc/sudoers a bit, but I keep getting the error:
useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 Cannot lock password file: already locked.
My sudoers file looks like this currently:
/etc/sudoers
# create group LIMITEDTRUST with user test as a member User_Alias LIMITEDTRUST=test Cmnd_Alias PROGRAMS=/usr/sbin/useradd,/usr/bin/ksh
# members in the group LIMITEDTRUST are allowed to use sudo only with the commands listed in cmnd alias PROGRAMS
#LIMITEDTRUST ALL=PROGRAMS, NOPASSWD:PROGRAMS LIMITEDTRUST ALL = ALL
I am using Suse SLES9.
What do I need to do / change to get user "test" to be able to use "useradd" ?
Dirk
Try the following: sudo useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 You need to use the sudo command. -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
On Thu, 27 Dec 2007 15:53:11 +-0200 "Dirk Moolman" <DirkM@agilitytech.co.za> wrote:
I am trying to setup sudo rights on a specific user (username: test), to use the command: useradd
I have not used sudo before, and I played around with /etc/sudoers a bit, but I keep getting the error:
useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 Cannot lock password file: already locked.
My sudoers file looks like this currently:
/etc/sudoers
# create group LIMITEDTRUST with user test as a member User_Alias LIMITEDTRUST=test Cmnd_Alias PROGRAMS=/usr/sbin/useradd,/usr/bin/ksh
# members in the group LIMITEDTRUST are allowed to use sudo only with the commands listed in cmnd alias PROGRAMS
#LIMITEDTRUST ALL=PROGRAMS, NOPASSWD:PROGRAMS LIMITEDTRUST ALL = ALL
I am using Suse SLES9.
What do I need to do / change to get user "test" to be able to use "useradd" ?
Dirk
------------------------------------------------------- From: Jerry Feldman [mailto:gaf@blu.org] Sent: 27 December 2007 04:48 PM Try the following: sudo useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 You need to use the sudo command. ------------------------------------------------------- [Dirk said:] :-o you're right - sorry, my mistake ....... first time user, but I should have picked it up. I can run the sudo command now (sudo useradd -c .........). I log in as user "test", which I have given sudo rights to, but when I run sudo useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 it only works if I enter the root passw0rd, instead of the test user's passw0rd. Why would this be ? The documentation says that it will ask for a password, but for the passw0rd of the user that is running the sudo command. Dirk *** Disclaimer *** The information contained in this e-mail is confidential and legally privileged and is intended solely for the addressee and to others who have the authority to receive it. Access to this e-mail by anyone else is unauthorized and as such, any disclosure, copying, distribution or any action taken or omitted in reliance on it is unlawful. If you have received this e-mail in error, please notify the sender immediately. The views expressed in this e-mail are the views of the individual sender and should in no way be construed as the views of the Company. The Company is not liable to ensure that outgoing e-mails are virus-free. The Company is not liable, should information or data, for whatever reason, be corrupted or fail to reach its intended addressee. The Company is not liable for any loss or damage of whatsoever nature and howsoever arising resulting from the opening or the use of the information in this e-mail, including its attachments and links. The sender of this e-mail is subject to and bound by the terms and conditions of Company+IBk-s Electronic Communications Usage Policy. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2007-12-28 at 09:40 +0200, Dirk Moolman wrote:
On Thu, 27 Dec 2007 15:53:11 +0200 "Dirk Moolman" <DirkM> wrote:
I am trying to setup sudo rights on a specific user (username: test), to use the command: useradd
Please, trim the quoted part of your emails.
sudo useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2
it only works if I enter the root passw0rd, instead of the test user's passw0rd. Why would this be ? The documentation says that it will ask for a password, but for the passw0rd of the user that is running the sudo command.
Did you read the file? Look here: # In the default (unconfigured) configuration, sudo asks for the root password. # This allows use of an ordinary user account for administration of a freshly # installed system. When configuring sudo, delete the two # following lines: Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! Do remove or comment out those two lines, as you were "told" :-p - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHiNfdtTMYHG2NR9URAgKEAJ4lOhCeaFp2eSTmVi2hBdaDj0ExXACdFPkt Vj/Dvfo7iWLHE76KM+Pibo0= =kfz5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Dirk Moolman wrote:
I am trying to setup sudo rights on a specific user (username: test), to use the command: useradd
I have not used sudo before, and I played around with /etc/sudoers a bit, but I keep getting the error:
useradd -c "JUST A TEST USER" -d /home/test -s /usr/bin/ksh test2 Cannot lock password file: already locked.
My sudoers file looks like this currently:
/etc/sudoers
# create group LIMITEDTRUST with user test as a member User_Alias LIMITEDTRUST=test Cmnd_Alias PROGRAMS=/usr/sbin/useradd,/usr/bin/ksh ^^^^^^^^^^^^^
Are you crazy???? You realize that by giving a user sudo access to ANY shell (or even an editor which can spawn a shell, like vi), that you are giving the user permission to run ANY program.
# members in the group LIMITEDTRUST are allowed to use sudo only with the commands listed in cmnd alias PROGRAMS
#LIMITEDTRUST ALL=PROGRAMS, NOPASSWD:PROGRAMS LIMITEDTRUST ALL = ALL
I am using Suse SLES9.
What do I need to do / change to get user "test" to be able to use "useradd" ?
Getting useradd to work is the least of your worries at the moment -- Get that ksh command out of there, or else you will find one of your systems TOTALLY screwed up when some user discovers that you're allowing them to run a shell as super-user (root). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Aaron Kulkis -
Carlos E. R. -
Dirk Moolman -
Jerry Feldman