Changes between Version 17 and Version 18 of TipAndDoc/Linux


Ignore:
Timestamp:
May 1, 2013 4:15:41 PM (13 years ago)
Author:
mitty
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • TipAndDoc/Linux

    v17 v18  
    3737   * # echo b > /proc/sysrq-trigger 
    3838 
     39 = sudo = 
    3940 * [http://ubuntuforums.org/showthread.php?t=1132821 HowTO: Sudoers Configuration - Ubuntu Forums] 
    4041 > 2) Sudo reads the sudoers file and applies permissions in order from top to bottom. So the last line in the file will overwrite any previous conflict with the config settings. So it is best to put new configuration lines at the bottom. 
     42 
     43 * [http://nixcraft.com/networking-firewalls-security/15132-sudo-exclude-commands-disable-sudo-su-bash-shell.html (Solved) Sudo Exclude Commands And Disable: sudo su -, Bash Shell] 
     44 * 例えば、poweroff, reboot, shutdownコマンドをsudoからは扱えなくするには、以下の様に設定する 
     45  * /etc/sudoers.d/adm 
     46{{{ 
     47Cmnd_Alias PWRCTL = /sbin/poweroff,/sbin/reboot,/sbin/shutdown 
     48%adm    ALL=NOPASSWD: ALL, !PWRCTL 
     49}}} 
     50  * mitty@test:~$ id mitty 
     51{{{ 
     52uid=1001(mitty) gid=1001(mitty) groups=1001(mitty),4(adm) 
     53}}} 
     54  * mitty@test:~$ sudo shutdown 
     55{{{ 
     56Sorry, user mitty is not allowed to execute '/sbin/shutdown' as root on test. 
     57}}} 
     58  * mitty@test:~$ sudo reboot 
     59{{{ 
     60Sorry, user mitty is not allowed to execute '/sbin/reboot' as root on test. 
     61}}} 
     62  * mitty@test:~$ sudo poweroff 
     63{{{ 
     64Sorry, user mitty is not allowed to execute '/sbin/poweroff' as root on test. 
     65}}} 
     66 * 禁止されているコマンドを実行する際は、{{{sudo su -}}}などして別のgroupになってから行う 
    4167 
    4268 = Swap =