ich möchte aber keinen normalen User anlegen, sondern einen Systemuser mit mehr Rechten
Beiträge von mstraub
-
-
-
-
Hallo,
das wäre die komplette sudoers:
Code
Alles anzeigen## IP addresses, network numbers or netgroups. # Host_Alias WEBSERVERS = www1, www2, www3 ## ## User alias specification ## ## Groups of users. These may consist of user names, uids, Unix groups, ## or netgroups. # User_Alias ADMINS = millert, dowdy, mikef ## ## Cmnd alias specification ## ## Groups of commands. Often used to group related commands together. # Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \ # /usr/bin/pkill, /usr/bin/top ## ## Defaults specification ## ## Prevent environment variables from influencing programs in an ## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) Defaults always_set_home Defaults env_reset ## Change env_reset to !env_reset in previous line to keep all environment variables ## Following list will no longer be necessary after this change Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" ## Comment out the preceding line and uncomment the following one if you need ## to use special input methods. This may allow users to compromise the root ## account if they are allowed to run commands without authentication. #Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" ## Do not insult users when they enter an incorrect password. Defaults !insults ## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output # Defaults!/sbin/reboot !log_output ## In the default (unconfigured) configuration, sudo asks for the root password. ## This allows use of an ordinary user account for administration of a freshly ## installed system. When configuring sudo, delete the two ## following lines: Defaults targetpw # ask for the password of the target user i.e. root ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ## ## Runas alias specification ## ## ## User privilege specification ## root ALL=(ALL) ALL MeinUser ALL=ALL MeinUser ALL=(ALL) NOPASSWD: /usr/sbin/ntpdate, /usr/sbin/ntpq ## Uncomment to allow members of group wheel to execute any command # %wheel ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL ## Read drop-in files from /etc/sudoers.d ## (the '#' here does not indicate a comment) #includedir /etc/sudoers.d
-
Guten Tag,
ich habe vor den Befehl "ntpdate" von einem anderen User - nicht root in einem Plugin auszuführen.
Die Rechte von ntpdate sehen wie folgt aus:
-rwxr-x--- 1 root root 103832 Oct 29 2011 ntpdateUm den Befehl nun auszuführen habe ich in der sudoers folgenden Eintrag gemacht:
root ALL=(ALL) ALL
MeinUser ALL=ALL
MeinUser ALL=(ALL) NOPASSWD: /usr/sbin/ntpdate, /usr/sbin/ntpq
Leider funktoniert das Ausführen weiterhin nicht!
Was mache ich falsch? Habe ich einen Fehler in der sudoers oder eine Stelle vergessen, an der ich Änderungen vornehmen muss?
Ich bin dankbar für jede Hilfe!