similar to: strange issues with pam_winbind and sudo

I was looking at the documentation at samba.org and it says the following: require_membership_of=[SID or NAME] If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, a alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: /|MYDOMAIN\mygroup|/ or

Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,

I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my

Hello, Consider two following cases: 1. On production systems on television stations, a sysadmin give teens (remaja group, age 13 and older) full administrator privileges by adding this line to sudoers: %remaja ALL=(ALL:ALL) ALL Rationale: Almost all programs on the system can only be run by teens as root. 2. On production systems on tobacco factories, a sysadmin also give adults (age 18

I''ve just installed express b28 on my system. After installing, I decided to move /opt to a zfs pool home/opt. After installing Blastwave''s latest sudo, I did my usual edits of sudoers. When I attempted to execute sudo ls to test things I got this: rtfm:/opt/csw/etc:>sudo ls sudo: /opt/csw/etc/sudoers is owned by gid 1, should be 0 But /opt/csw/etc/sudoers permissions

Hello list, I took another stab at finding a way to add a sudo user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~]

I did not understand the man pages for sudo and incorrectly interpreted the results. I interpreted the ALL to apply to all commands defined in the sudoers file. Basically, I'm an idiot, but here is the chain I followed, and the correct interpretation. In the man pages on sudo, it says the following: A User_List is made up of one or more usernames, uids (prefixed with

Hi. I have a user that I want to limit to only running a couple of commands ... As in here user just copy and paste where needed , sorry thats all your allowed to do ... but thus far I can't get the syntax correct for the sudoers file line 115| greg ALL = /bin/chmod -R o+rx /opt line 116| greg ALL = /bin/chmod -R ug+rwx /opt line 117| greg ALL = /bin/chown -R root:root /opt line

Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the

So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri

> On Aug 16, 2019, at 6:21 AM, Warren Young <warren at etr-usa.com> wrote: > > On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote: >> >> Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead

On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote: > > Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead of sysadmin when something breaks? sudo is a tool for expressing and enforcing a site?s policies

Hi, I have a confusing problem. I have two centos 5,5 boxes. Both have sudo.i386 1.7.2p1-9.el5_5 installed I am using the same sudoers file, but the one on box A keeps trying to do DNS lookups while the one on box B does not. How do I disable this DNS lookup? Thanks for any info. -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone:

Just wondering if anyone out there is using sudo across a bunch of machines and has a system/script for painlessly distributing a master sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?

Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root

Hi Biz_User needs to switch to Sales_User, and I tried following in sudoers: Biz_User ALL=(Sales_User) ALL but I get following error when I run sudo su - Sales_User "Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name" I know that if I add root in allowed users list, I can switch to other user , but in that way user can switch to

Hello, Does anyone have an idee how to add /sbin to the sudo $PATH environment? Adding /sbin to .bashrc $PATH isn't really what I want... I'd like sudoers to be able to run: $ sudo chkconfig And not: $ sudo /sbin/chkconfig Thanks Sam

Hi, I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL. If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of

Hi guys, I'm using RedHat and am trying to configure my sudo to enable user 'testuser' to run Asterisk. However whenever I try to run 'sudo asterisk' as 'testuser' I get prompted for password. This is the line in my sudoers configuration file that I thought should do the trick, but it doesn't: testuser ALL=NOPASSWD: /usr/sbin/asterisk Does anyone know how to

Howdy folks, I'm having an issue with sudo not recognizing nested groups via AD and winbind. I have an AD group called UnixAdmins and when I ad and AD account *directly* into this group, I am able to use sudo just fine as it is in the sudoers. *but* say I have a nested group in UnixAdmins like CustomerUsers or whatnot it won't recognize. Now, I also restrict access via pam.d systems-auth