||Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix|
|Recommended Links||Man page||Reference|
|Solaris RBAC||Managing AIX logs||History||Humor||Etc|
RPM is available from IBM AIX toolbox.
Step 1: Download rpm -i sudo-1.6.7p5-3.aix5.1.ppc.rpm from IBM aix toolbox
Step 2: Copy /etc/sudoers from NTI2171 to the server or just uncomment the line in the line
%wheel ALL=(ALL) NOPASSWD: ALL
Step 3: Create wheel group (15) and enroll into it primary (yourself) and secondary admin for the box.
Step 4: You need to enable syslogd in order fro sudo logging work
rpm is standard way to install programs on linux and is available on AIX by default. For details see man rpm.
sudo is controlled by its configuration file /etc/sudoers. The program has a rich selection of configuration options and you may like to read the man page for sudoers and examine the sample configuration file which you'll find in sample.sudoers in the source code directory.
The instructions below describe how to create an sudoers file which allows any user to run the /dialup and /hangup scripts defined in Configuring PPP on Solaris to connect to an ISP and allows a particular user to run any command as root.
One potential difficulty is that the /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and this means that you need at least a basic understanding of how to use this editor. If you aren't already familiar with vi, you'll have to learn it sooner or later so now's a good time to start! But don't worry if you've never used it before - I'll include enough instruction here to enable you to edit the short file created by the installation process and append a couple of lines to it.
To edit /etc/sudoers, make sure you're logged in as root and type:
This starts the vi editor and displays the initial /etc/sudoers file. vi uses what appear at first sight to be commands that aren't exactly intuitive. If you're not familiar with vi, type the following exactly as it appears and note that commands in vi are case sensitive. So don't type a lower-case "g" when the instructions show an upper-case "G".
Move the cursor to the end of the file by typing an upper-case G:
and open a new line just beyond the last line in the file by typing a lower-case o:
vi is now in "edit" mode and anything you type is inserted into the file. If you want everyone (all users) to be able to run the /hangup and /dialup scripts, type the following:
with a TAB character after the first "ALL". That line tells sudo that all users are allowed to execute the scripts /hangup and /dialup as if they were root.
If you want to give just one user, say jim, the ability to run the scripts, type the following instead:
You may like to add another line telling sudo that your own personal user is allowed to do anything as root. Press the ENTER key and, if your own personal user is mike, you'd type:
mike ALL=(root) ALL
again with a TAB character after "mike".
Finally, switch vi back into command mode by pressing the ESCAPE key and exit vi by typing:
followed by ENTER. If you make a mistake at any time, just press the ESCAPE key followed by:
followed by ENTER and vi will return you to the shell command prompt without making any changes to the file.
6. Using sudo:
sudo is simple to use. To execute a command with root privilege, type:
$ sudo name-of-command
If this is the first time you've used sudo since logging in, sudo will ask for your password. The password required at this point is the user's own password, not the root password. So, if you've logged in as user jane and she wants to start a dialup connection to her ISP, she would type:
- sudo /dialup
and sudo responds:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
- 1) Respect the privacy of others.
- 2) Think before you type.
Jane would then type her password and sudo will run the /dialup script for her with root privilege. If further commands are executed using sudo within 5 minutes, it will not ask for a password again.
But if Jane were to try and execute a command without having the necessary permission (as defined in the /etc/sudoers file), sudo will refuse to run it:
$ sudo vi /etc/passwd
Sorry, user jane is not allowed to execute "/usr/bin/vi /etc/passwd" as root on sunbeam.
In this example, sunbeam is the name of the machine.
If you'd prefer not to have to type a password at all, replace the two lines in /etc/sudoers with:
ALL NOPASSWD: ALL=/dialup,/hangup mike ALL=(root) NOPASSWD: ALL
John Hines bigjohn_101 at hotmail.com
Wed Jan 23 11:58:35 MST 2002
- Previous message: trouble with syslog and sudo logs
- Next message: trouble with syslog and sudo logs
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Todd, I made the suggested changes and my sudo logs are no longer going to /var/log/messages, but they are also not going to /var/log/sudo.log. This is the current state of my syslog.conf: # $FreeBSD: src/etc/syslog.conf,v 184.108.40.206 2001/02/26 09:26:11 phk Exp $ # # Spaces are NOT valid field separators in this file. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err;local2.none /var/log/messages security.* /var/log/security mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron *.err root *.notice;news.err root *.alert root *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log #console.info /var/log/console.log # uncomment this to enable logging of all log messages to /var/log/all.log #*.* /var/log/all.log # uncomment this to enable logging to a remote loghost named loghost #*.* @loghost # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log # This logs successful and failed sudo attempts to the file /var/log/sudo.log local2.debug /var/log/sudo.log Thanks for the help, John Hines ----- Original Message ----- From: Todd C. Miller <Todd.Miller at courtesan.com> To: John Hines <bigjohn_101 at hotmail.com> Cc: <sudo-users at sudo.ws> Sent: Tuesday, January 22, 2002 9:49 PM Subject: Re: trouble with syslog and sudo logs > In message <OE16SN2uhoSQD5Y54Qt00012596 at hotmail.com> > so spake "John Hines" (bigjohn_101): > > > # $FreeBSD: src/etc/syslog.conf,v 220.127.116.11 2001/02/26 09:26:11 phk Exp $ > > # > > # Spaces are NOT valid field separators in this file. > > # Consult the syslog.conf(5) manpage. > > *.err;kern.debug;auth.notice;mail.crit /dev/console > > *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages > > security.* /var/log/security > > mail.info /var/log/maillog > > lpr.info /var/log/lpd-errs > > cron.* /var/log/cron > > *.err root > > *.notice;news.err root > > *.alert root > > *.emerg * > > # uncomment this to log all writes to /dev/console to = > > /var/log/console.log > > #console.info /var/log/console.log > > # uncomment this to enable logging of all log messages to = > > /var/log/all.log > > #*.* /var/log/all.log > > # uncomment this to enable logging to a remote loghost named loghost > > #*.* @loghost > > # uncomment these if you're running inn > > # news.crit /var/log/news/news.crit > > # news.err /var/log/news/news.err > > # news.notice = > > /var/log/news/news.notice > > !startslip > > *.* /var/log/slip.log > > !ppp > > *.* /var/log/ppp.log > > # This logs successful and failed sudo attempts to the file = > > /var/log/sudo.log > > local2.debug /var/log/sudo.log > > You need to add "local2.none" after the "news.err" in /var/log/messages > line. That will keep sudo messages going to /var/log/messages. > > - todd >
Google matched content
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to to buy a cup of coffee for authors of this site|
Last modified: March 12, 2019