Comments on: Allowing Limited Sudo Access With Visudo http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/ Enhancing your Ubuntu experience! Thu, 02 Feb 2012 10:29:43 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Christer Edwards http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-11785 Christer Edwards Sat, 31 Jul 2010 12:46:28 +0000 http://ubuntu-tutorials.com/?p=291#comment-11785 @Adiseno - I'll repeat TuxGirl's remark that it is *never* a good idea to give access to an editor, and not just for the sake of being able to access or edit the sudoers file. Give yourself sudo access to vim, and within vim run: ':!bash'. You've just rooted the box. @Adiseno – I’ll repeat TuxGirl’s remark that it is *never* a good idea to give access to an editor, and not just for the sake of being able to access or edit the sudoers file.

Give yourself sudo access to vim, and within vim run: ‘:!bash’. You’ve just rooted the box.

]]> By: Adiseno http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-11774 Adiseno Fri, 30 Jul 2010 13:20:44 +0000 http://ubuntu-tutorials.com/?p=291#comment-11774 <blockquote cite="#commentbody-1169"> <strong><a href="#comment-1169" rel="nofollow"> TuxGirl </a> :</strong>One recommendation I have is to make sure you prevent others from having sudo rights to: * editors * shells * anything that can open or act as an editor or shell Why? Very simple. If they can “sudo bash”, they now have full root access. If they can “sudo vim /etc/sudoers”, they’ve got full root access. Just some interesting holes that I think a lot of us forget about. I know I don’t always think of this type of little detail. ~TuxGirl</blockquote> it's simple it's ok to give user permission using vim, for example you simply add like this mike ALL=(root) /usr/bin/aptitude, /usr/bin/apt-get, /bin/vim, !/bin/vim /etc/sudoers and now user mike can use vim to edit all of file, except /etc/sudoers i hope that can help you..

TuxGirl :One recommendation I have is to make sure you prevent others from having sudo rights to: * editors * shells * anything that can open or act as an editor or shell Why? Very simple. If they can “sudo bash”, they now have full root access. If they can “sudo vim /etc/sudoers”, they’ve got full root access. Just some interesting holes that I think a lot of us forget about. I know I don’t always think of this type of little detail. ~TuxGirl

it’s simple

it’s ok to give user permission using vim, for example you simply add like this

mike ALL=(root) /usr/bin/aptitude, /usr/bin/apt-get, /bin/vim, !/bin/vim /etc/sudoers

and now user mike can use vim to edit all of file, except /etc/sudoers

i hope that can help you..

]]> By: Live http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-11069 Live Fri, 28 May 2010 02:38:43 +0000 http://ubuntu-tutorials.com/?p=291#comment-11069 Now, I have a question, what if I want the OPPOSITE? For example, if I have another user in my Ubuntu. They can type: VirtualBox in the command line and they can run the VirtualBox program. What will I do so that they can't run it? Thanks. Now, I have a question, what if I want the OPPOSITE?

For example, if I have another user in my Ubuntu. They can type: VirtualBox in the command line and they can run the VirtualBox program.

What will I do so that they can’t run it?

Thanks.

]]> By: jenicun http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-5998 jenicun Mon, 27 Oct 2008 09:15:56 +0000 http://ubuntu-tutorials.com/?p=291#comment-5998 guyz, I have some problems. After i edit the configuration files using sudo visudo (I changed the root user so it dont have password), i cant login anymore. btw, im using putty to login. Can someone help ? thanks guyz, I have some problems. After i edit the configuration files using sudo visudo (I changed the root user so it dont have password), i cant login anymore. btw, im using putty to login. Can someone help ? thanks

]]> By: Christer Edwards http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-3624 Christer Edwards Thu, 31 Jan 2008 04:03:36 +0000 http://ubuntu-tutorials.com/?p=291#comment-3624 @Cliff - by default the first user created is is given sudo privileges. If you are not that user you'll need to login as that user or reboot into recovery mode and add yourself to the file manually. @Cliff – by default the first user created is is given sudo privileges. If you are not that user you’ll need to login as that user or reboot into recovery mode and add yourself to the file manually.

]]> By: Cliff Riddlebarger http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-3623 Cliff Riddlebarger Thu, 31 Jan 2008 03:24:51 +0000 http://ubuntu-tutorials.com/?p=291#comment-3623 My sudo command does not work. It says my user Name is not in the sudoers file, but, visudo won't let me edit sudoers. Like above I can't sudo visudo. I'm stuck in this loop. Is there a way out? TIA, cliff My sudo command does not work. It says my user
Name is not in the sudoers file, but, visudo
won’t let me edit sudoers. Like above I can’t sudo visudo. I’m stuck in this loop. Is there a way out?
TIA,
cliff

]]> By: chrisolsen.org » Blog Archive » Rails setup on Linode http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-1170 chrisolsen.org » Blog Archive » Rails setup on Linode Fri, 14 Sep 2007 00:15:58 +0000 http://ubuntu-tutorials.com/?p=291#comment-1170 [...] Add the following line just under where root is granted all permissions. More information on this can be found here. [...] [...] Add the following line just under where root is granted all permissions. More information on this can be found here. [...]

]]> By: TuxGirl http://ubuntu-tutorials.com/2007/03/01/allowing-limited-sudo-access-with-visudo/#comment-1169 TuxGirl Fri, 02 Mar 2007 05:16:45 +0000 http://ubuntu-tutorials.com/?p=291#comment-1169 One recommendation I have is to make sure you prevent others from having sudo rights to: * editors * shells * anything that can open or act as an editor or shell Why? Very simple. If they can "sudo bash", they now have full root access. If they can "sudo vim /etc/sudoers", they've got full root access. Just some interesting holes that I think a lot of us forget about. I know I don't always think of this type of little detail. ~TuxGirl One recommendation I have is to make sure you prevent others from having sudo rights to:
* editors
* shells
* anything that can open or act as an editor or shell
Why? Very simple. If they can “sudo bash”, they now have full root access. If they can “sudo vim /etc/sudoers”, they’ve got full root access.
Just some interesting holes that I think a lot of us forget about. I know I don’t always think of this type of little detail.
~TuxGirl

]]>