similar to: strange issues with pam_winbind and sudo

2005 Oct 26
1
Question about pam_winbind
I was looking at the documentation at samba.org and it says the following: require_membership_of=[SID or NAME] If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID can be either a group-SID, a alias-SID or even a user-SID. It is also possible to give a NAME instead of the SID. That name must have the form: /|MYDOMAIN\mygroup|/ or
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi. I have some shares on a server that are offered to specific Active Directory user groups, but the business doesn't want those users to be able to login to the server. If I were to add "require_membership_of" to pam_winbind to limit logins and shut out the users I don't want, would it also have the side effect of denying those users access to the shares as well? Regards,
2011 Jul 25
3
Sudo #includedir function ignored CentOS 6
I am unable to get the #includedir function to work with sudo. This works just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I have this line in the file /etc/sudoers.d/zabbix-puppet zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet However sudo still requires a password. If I put that same line into /etc/sudoers file , there is no password prompt. At the end of my
2019 Aug 16
4
Giving full administrator privileges through sudo on production systems
Hello, Consider two following cases: 1. On production systems on television stations, a sysadmin gives teens (remaja group, age 13 and older) full administrator privileges by adding this line to sudoers: %remaja ALL=(ALL:ALL) ALL Rationale: Almost all programs on the system can only be run by teens as root. 2. On production systems on tobacco factories, a sysadmin also gives adults (age 18
2005 Dec 10
6
Wierd ZFS interaction with sudo?
I've just installed express b28 on my system. After installing, I decided to move /opt to a zfs pool home/opt. After installing Blastwave's latest sudo, I did my usual edits of sudoers. When I attempted to execute sudo ls to test things I got this: rtfm:/opt/csw/etc:>sudo ls sudo: /opt/csw/etc/sudoers is owned by gid 1, should be 0 But /opt/csw/etc/sudoers permissions
2013 Jul 17
3
sudo add user script
Hello list, I took another stab at finding a way to add a sudo user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~]
1999 Nov 13
0
Retraction: security hole in sudo allows users full access
I did not understand the man pages for sudo and incorrectly interpreted the results. I interpreted the ALL to apply to all commands defined in the sudoers file. Basically, I'm an idiot, but here is the chain I followed, and the correct interpretation. In the man pages on sudo, it says the following: A User_List is made up of one or more usernames, uids (prefixed with
2012 Nov 08
1
sudo issue error with securing commands
Hi. I have a user that I want to limit to only running a couple of commands ... As in here user just copy and paste where needed, sorry that's all you're allowed to do ... but thus far I can't get the syntax correct for the sudoers file line 115| greg ALL = /bin/chmod -R o+rx /opt line 116| greg ALL = /bin/chmod -R ug+rwx /opt line 117| greg ALL = /bin/chown -R root:root /opt line
2019 Apr 12
3
Sudo rules in samba with winbind
Hello All, I am currently changing my samba linux clients (Debian) from sssd binding to winbind. With sssd I had all sudo rules within the samba active directory. The configuration was based on: https://lists.samba.org/archive/samba/2016-April/199402.html Is there some guideline like the one mentioned available/has someone already experience with this for winbind based clients? Within the
2014 Jan 19
1
sudo (+ldap+kerberos) not accepting password
So I have this centos 5.10 box which authenticates network users against ldap(authorizing)+kerberos(authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet). Here is the output of me trying sudo (debug on): [raub at centos5-x64 ~]$ sudo pwd LDAP Config Summary =================== uri
2019 Aug 16
1
Giving full administrator privileges through sudo on production systems
> On Aug 16, 2019, at 6:21 AM, Warren Young <warren at etr-usa.com> wrote: > > On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote: >> >> Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead
2019 Aug 16
0
Giving full administrator privileges through sudo on production systems
On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote: > > Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead of sysadmin when something breaks? sudo is a tool for expressing and enforcing a site's policies
2010 Dec 10
4
sudo doing DNS lookup
Hi, I have a confusing problem. I have two centos 5,5 boxes. Both have sudo.i386 1.7.2p1-9.el5_5 installed I am using the same sudoers file, but the one on box A keeps trying to do DNS lookups while the one on box B does not. How do I disable this DNS lookup? Thanks for any info. -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone:
2006 Sep 07
3
Sudo(ers) distrobution system/script
Just wondering if anyone out there is using sudo across a bunch of machines and has a system/script for painlessly distributing a master sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?
2007 Apr 04
1
Issue with pam_winbind for MS AD authentication and module options
Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root
2008 Oct 10
2
sudo
Hi Biz_User needs to switch to Sales_User, and I tried following in sudoers: Biz_User ALL=(Sales_User) ALL but I get following error when I run sudo su - Sales_User "Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name" I know that if I add root in allowed users list, I can switch to other user , but in that way user can switch to
2010 Jan 22
5
Add /sbin to sudo PATH
Hello, Does anyone have an idea how to add /sbin to the sudo $PATH environment? Adding /sbin to .bashrc $PATH isn't really what I want... I'd like sudoers to be able to run: $ sudo chkconfig And not: $ sudo /sbin/chkconfig Thanks Sam
2017 Mar 13
1
pam_winbind with trusted domain
Hi, I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL. If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of
2006 Nov 02
4
Running asterisk with 'sudo'
Hi guys, I'm using RedHat and am trying to configure my sudo to enable user 'testuser' to run Asterisk. However whenever I try to run 'sudo asterisk' as 'testuser' I get prompted for password. This is the line in my sudoers configuration file that I thought should do the trick, but it doesn't: testuser ALL=NOPASSWD: /usr/sbin/asterisk Does anyone know how to
2008 Apr 23
1
nested groups not working with sudo and winbind
Howdy folks, I'm having an issue with sudo not recognizing nested groups via AD and winbind. I have an AD group called UnixAdmins and when I add an AD account *directly* into this group, I am able to use sudo just fine as it is in the sudoers. *but* say I have a nested group in UnixAdmins like CustomerUsers or whatnot it won't recognize. Now, I also restrict access via pam.d systems-auth