Displaying 20 results from an estimated 5000 matches similar to: "strange issues with pam_winbind and sudo"
2005 Oct 26
1
Question about pam_winbind
I was looking at the documentation at samba.org and it says the following:
require_membership_of=[SID or NAME]
If this option is set, pam_winbind will only succeed if the user is a
member of the given SID or NAME. A SID can be either a group-SID, a
alias-SID or even a user-SID. It is also possible to give a NAME instead
of the SID. That name must have the form: MYDOMAIN\mygroup or
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi.
I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server. If I were to add "require_membership_of" to pam_winbind to
limit logins and shut out the users I don't want, would it also have the
side effect of denying those users access to the shares as well?
Regards,
2011 Jul 25
3
Sudo #includedir function ignored CentOS 6
I am unable to get the #includedir function to work with sudo. This works
just fine on all my CentOS 5.6 servers, but on 6 it is being ignored. I
have this line in the file /etc/sudoers.d/zabbix-puppet
zabbix ALL=NOPASSWD: /var/lib/zabbix/bin/start_puppet
However sudo still requires a password. If I put that same line into
/etc/sudoers file, there is no password prompt. At the end of my
2019 Aug 16
4
Giving full administrator privileges through sudo on production systems
Hello,
Consider two following cases:
1. On production systems on television stations, a sysadmin gives teens
(remaja group, age 13 and older) full administrator privileges by adding
this line to sudoers:
%remaja ALL=(ALL:ALL) ALL
Rationale: Almost all programs on the system can only be run by teens as
root.
2. On production systems on tobacco factories, a sysadmin also gives
adults (age 18
2005 Dec 10
6
Wierd ZFS interaction with sudo?
I've just installed express b28 on my system. After installing, I
decided to move /opt to a zfs pool home/opt. After installing
Blastwave's latest sudo, I did my usual edits of sudoers.
When I attempted to execute sudo ls to test things I got this:
rtfm:/opt/csw/etc:>sudo ls
sudo: /opt/csw/etc/sudoers is owned by gid 1, should be 0
But /opt/csw/etc/sudoers permissions
2013 Jul 17
3
sudo add user script
Hello list,
I took another stab at finding a way to add a sudo user remotely and it
gets you most of the way there. If you execute the script as root it works
beautifully and does just what you want. Which is add the user to the
group and gives that user group rights to certain commands.
But if you execute it as a user who only has sudo access to the
/etc/sudoers file it errors out.
cloud:~]
1999 Nov 13
0
Retraction: security hole in sudo allows users full access
I did not understand the man pages for sudo and incorrectly interpreted
the results. I interpreted the ALL to apply to all commands
defined in the sudoers file. Basically, I'm an idiot, but here is the
chain I followed, and the correct interpretation.
In the man pages on sudo, it says the following:
A User_List is made up of one or more usernames, uids
(prefixed with
2012 Nov 08
1
sudo issue error with securing commands
Hi.
I have a user that I want to limit to only running a couple of commands ...
As in here user just copy and paste where needed, sorry that's all you're
allowed to do ... but thus far I can't get the syntax correct for the
sudoers file
line 115| greg ALL = /bin/chmod -R o+rx /opt
line 116| greg ALL = /bin/chmod -R ug+rwx /opt
line 117| greg ALL = /bin/chown -R root:root /opt
line
2019 Apr 12
3
Sudo rules in samba with winbind
Hello All,
I am currently changing my samba linux clients (Debian) from sssd binding
to winbind.
With sssd I had all sudo rules within the samba active directory.
The configuration was based on:
https://lists.samba.org/archive/samba/2016-April/199402.html
Is there some guideline like the one mentioned available/has someone
already experience with this for winbind based clients?
Within the
2014 Jan 19
1
sudo (+ldap+kerberos) not accepting password
So I have this centos 5.10 box which authenticates network users
against ldap(authorizing)+kerberos(authentication). And I now would
like to have sudo be able to allow admins (netgroup chinbeards) to
sudo about. I am not using sssd though (yet).
Here is the output of me trying sudo (debug on):
[raub at centos5-x64 ~]$ sudo pwd
LDAP Config Summary
===================
uri
2019 Aug 16
1
Giving full administrator privileges through sudo on production systems
> On Aug 16, 2019, at 6:21 AM, Warren Young <warren at etr-usa.com> wrote:
>
> On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote:
>>
>> Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead
2019 Aug 16
0
Giving full administrator privileges through sudo on production systems
On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote:
>
> Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead of sysadmin when something breaks?
sudo is a tool for expressing and enforcing a site's policies
2010 Dec 10
4
sudo doing DNS lookup
Hi,
I have a confusing problem. I have two centos 5,5 boxes. Both have
sudo.i386 1.7.2p1-9.el5_5
installed
I am using the same sudoers file, but the one on box A keeps trying to
do DNS lookups
while the one on box B does not. How do I disable this DNS lookup?
Thanks for any info.
--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone:
2006 Sep 07
3
Sudo(ers) distrobution system/script
Just wondering if anyone out there is using sudo across a bunch of
machines and has a system/script for painlessly distributing a master
sudoers file? is it as easy as a daily cronjob running wget/scp/rsync?
2007 Apr 04
1
Issue with pam_winbind for MS AD authentication and module options
Hello!
I've configured samba with winbind and pam_winbind module to
authenticate users that connect to my linux box against MS AD.
Works like a charm. If a user exists both in AD and locally, login
should assume local users. Again, it works pretty well (It seems at
least with my current config).
If my AD server goes down for any reason, local users should be able to
login. For example, root
2008 Oct 10
2
sudo
Hi
Biz_User needs to switch to Sales_User, and I tried following in sudoers:
Biz_User ALL=(Sales_User) ALL
but I get following error when I run sudo su - Sales_User
"Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User'
as root on Server_Name"
I know that if I add root in allowed users list, I can switch
to other user, but in that way user can switch to
2010 Jan 22
5
Add /sbin to sudo PATH
Hello,
Does anyone have an idea how to add /sbin to the sudo $PATH environment?
Adding /sbin to .bashrc $PATH isn't really what I want...
I'd like sudoers to be able to run:
$ sudo chkconfig
And not:
$ sudo /sbin/chkconfig
Thanks
Sam
2017 Mar 13
1
pam_winbind with trusted domain
Hi,
I am having problems using pam_winbind to log in as a user in a trusted domain. The arrangement is that Samba is joined to a local domain DOMLOCAL which has a trust setup with DOMREMOTE. getent passwd/group correctly enumerates users and groups from DOMLOCAL.
If I try getent passwd for the DOMREMOTE account no result is returned. pam_winbind has a requirement that the user is a member of
2006 Nov 02
4
Running asterisk with 'sudo'
Hi guys,
I'm using RedHat and am trying to configure my sudo to enable user
'testuser' to run Asterisk. However whenever I try to run 'sudo
asterisk' as 'testuser' I get prompted for password.
This is the line in my sudoers configuration file that I thought should
do the trick, but it doesn't:
testuser ALL=NOPASSWD: /usr/sbin/asterisk
Does anyone know how to
2008 Apr 23
1
nested groups not working with sudo and winbind
Howdy folks,
I'm having an issue with sudo not recognizing nested groups
via AD and winbind. I have an AD group called UnixAdmins and
when I add an AD account *directly* into this group, I am able
to use sudo just fine as it is in the sudoers. *but* say I
have a nested group in UnixAdmins like CustomerUsers or whatnot
it won't recognize. Now, I also restrict access via pam.d systems-auth