On Fri, May 10, John Grantham wrote:
I need to give someone access to my Linux server, which does Apache, SSH, MySQL and mail with Postfix. They need to be able to reconfigure MySQL and Postfix for a project that we are working on, but I don't want to just hand out root access. I figured "sudo" would be the best thing, but don't know for sure how to configure it the right way -- basically they should be able to restart daemons in /etc/init.d and play with MySQL and Postfix, but not change passwords and so on. The user should also have to use their password every time they do a sudo action.
I tried looking at the man page and examples, but I'm totally baffled.
How would I go about doing that? What should the line in /etc/sudoers look like?
An example could look like this:

olaf@ibook:~/kde3> sudo -l
User olaf may run the following commands on this host:
    (root) /sbin/pdisk
    (root) /sbin/insmod, /sbin/rmmod, /sbin/modprobe
    (root) /etc/init.d/sshd, /etc/init.d/network, /etc/init.d/route
olaf@ibook:~/kde3> sudo /sbin/modprobe appletalk
olaf@ibook:~/kde3>

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers
# file.
#

# Host alias specification

# User alias specification
User_Alias PROJECT = olaf

# Cmnd alias specification
Cmnd_Alias MODUTILS = /sbin/insmod, /sbin/rmmod, /sbin/modprobe
Cmnd_Alias DISK = /sbin/pdisk
Cmnd_Alias RUNLEVEL = /etc/init.d/sshd, /etc/init.d/network, /etc/init.d/route

# User privilege specification
root ALL=(ALL) ALL
# olaf ALL=(ALL) NOPASSWD: ALL
PROJECT ALL=(root) DISK,MODUTILS,RUNLEVEL

The basic syntax:

who from_where=(what_user) what_commands

Some tools can start an editor, like vi. This editor can start a shell, so you can gain root access.

Regards,
Olaf

--
$ man clone
BUGS
Main feature not yet implemented...
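The editor caveat in the reply above can be checked mechanically. As an added example (not part of the original thread), this Python sketch parses the subset of sudoers syntax shown in the reply and flags rules for non-root users that skip the password, grant ALL, or allow a shell-capable program. The EDIT alias, the SHELL_CAPABLE list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: aliases from the reply plus one risky rule to flag.
SAMPLE = """\
User_Alias PROJECT = olaf
Cmnd_Alias MODUTILS = /sbin/insmod, /sbin/rmmod, /sbin/modprobe
Cmnd_Alias RUNLEVEL = /etc/init.d/sshd, /etc/init.d/network, /etc/init.d/route
Cmnd_Alias EDIT = /usr/bin/vi /etc/postfix/main.cf
root ALL=(ALL) ALL
# olaf ALL=(ALL) NOPASSWD: ALL
PROJECT ALL=(root) MODUTILS, RUNLEVEL
PROJECT ALL=(root) NOPASSWD: EDIT
"""

# Assumption: a short, non-exhaustive list of programs that can spawn a shell.
SHELL_CAPABLE = {"vi", "vim", "less", "more", "man", "sh", "bash"}
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def items(text):
    return [part.strip() for part in text.split(",") if part.strip()]

def audit(text):
    """Return sorted (user, command, reason) findings for non-root users.
    Simplified: '#' comments, User_Alias, Cmnd_Alias, one rule per line
    (who from_where=(what_user) what_commands); NOPASSWD covers the whole rule."""
    users, cmnds, rules = {}, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        kind, _, rest = line.partition(" ")
        if kind in ("User_Alias", "Cmnd_Alias"):
            name, _, members = rest.partition("=")
            (users if kind == "User_Alias" else cmnds)[name.strip()] = items(members)
        elif (m := RULE.match(line)):
            rules.append(m.groups())
    findings = set()
    for who, _host, _runas, spec in rules:
        nopasswd = "NOPASSWD:" in spec
        spec = re.sub(r"\b(NOPASSWD|PASSWD):\s*", "", spec)
        for user in (u for u in users.get(who, [who]) if u != "root"):
            for cmd in (c for item in items(spec) for c in cmnds.get(item, [item])):
                if cmd == "ALL":
                    findings.add((user, cmd, "unrestricted"))
                if cmd.split()[0].rsplit("/", 1)[-1] in SHELL_CAPABLE:
                    findings.add((user, cmd, "shell escape"))
                if nopasswd:
                    findings.add((user, cmd, "no password"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the sudoers file exactly as posted in the reply (without the constructed EDIT rule), it reports nothing.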