09-24-2012 03:18 AM
Hi Team ,
i have to give sudo rights to my prodctn team to unlock users only during odd hrs.
# Host Aliases
# User Aliases
# Command Aliases
Cmnd_Alias COMMAND1=/usr/lbin/modprpw -kl
# User Privilege section
EDI HR=NOPASSWD: COMMAND1
When i chk it by logging through unlockid i getba msg saying ;
"Sorry, user unlockid is not allowed to execute '/usr/lbin/modprpw -kl test' as root on uranus"
Solved! Go to Solution.
09-24-2012 07:15 AM
If the Cmnd_Alias includes options, the user is now allowed to run the command only with the exact options specified in the alias specification, and nothing else.
If no options are included in the allowed command, then the user is allowed the run the command with any options.
If you want to allow running a command through sudo with no options, you would have to add an empty set of quotes:
Cmnd_Alias ALLOWED_ONLY_WITHOUT_OPTIONS=/some/command ""
In order to require options -kl but allow anything after that, you must add a wildcard to the Cmnd_Alias line.
I would also use meaningful alias names, i.e.:
... Cmnd_Alias UNLOCKUSERS=/usr/lbin/modprpw -kl * # User Privilege section EDI HR=NOPASSWD: UNLOCKUSERS ...