configuring sudo access for some users

Hi friends,

I want to configure sudo access for some users on my system. I am currently using FC7 on my system. What they require (I mean users) is to do all the things except they cannot su/su - to become any other user or root user, they should not be able to change anybody's password or at least root's password, and cannot modify the /etc/sudoers and /etc/pam.d/su files. I have a script which can extract all commands issued with "sudo" but if these users become root then I won't be able to know who has done what.


I have already restricted su/su - access by editing /etc/pam.d/su and uncommenting the line below:

# Uncomment the following line to require a user to be in the "wheel" group.
auth            required        pam_wheel.so use_uid


Authentication on my system is done through LDAP, but the "Use MD5", "Use Shadow" and "Local Authorization is sufficient" options are also enabled so that a local user, for example myself, can log in without authenticating to LDAP. Users for which I want to configure sudo access will all be authenticated through LDAP.

Currently I have added these 2 lines in /etc/sudoers (I used the visudo command to edit this file):

test ALL=(ALL) ALL, !/usr/bin/su
test2 ALL=(ALL) ALL, !/usr/bin/su


Both test and test2 are able to become root when they use "sudo su - " but they are not able to become root user when they issue "su -". How do I restrict these users so that they cannot become root or any other user through sudo su -? Also, these users should not be able to change their own or other users' passwords on this system.


Thanks & Regards

Ankush Grover








-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
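
The sudoers lines quoted in the message grant ALL and then subtract one path with "!", a pattern the sudoers(5) manual describes as generally not effective. As an added example (not part of the original post), the following lint check flags such rules and also reports excluded paths that do not exist on the host; the function name audit_sudoers, the simplified parsing and the sample text are assumptions of this sketch.

```python
import os
import re

# Constructed sample: the two user specifications quoted in the message above.
SAMPLE_SUDOERS = """\
test ALL=(ALL) ALL, !/usr/bin/su
test2 ALL=(ALL) ALL, !/usr/bin/su
"""

# user host = (runas) command-list. Simplified: aliases and line
# continuations are not expanded (assumption of this sketch).
SPEC_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # strips tags such as NOPASSWD:


def audit_sudoers(text, path_exists=os.path.exists):
    """Return (user, finding) tuples for deny-list style command rules."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith(SKIP):
            continue
        match = SPEC_RE.match(line)
        if not match:
            continue
        user, _host, cmd_list = match.groups()
        cmds = [TAG_RE.sub("", c.strip()) for c in cmd_list.split(",")]
        negated = [c[1:].strip() for c in cmds
                   if c.startswith("!") and c[1:].strip()]
        for cmd in negated:
            binary = cmd.split()[0]
            if binary.startswith("/") and not path_exists(binary):
                findings.append((user, f"excluded path {binary} does not "
                                 "exist on this host, so the exclusion "
                                 "matches nothing"))
        if "ALL" in cmds and negated:
            findings.append((user, "ALL with '!' exclusions is a deny-list; "
                             "sudoers(5) calls this generally not effective, "
                             "list the permitted commands instead"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{user}: {finding}")
```

Run it on the host whose sudoers file is being reviewed, so that the path check reflects where the binaries are actually installed.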