Original Post:
Hello Admins,
I have been using sudo for various functions and have had no problem
configuring it.
However, I can't figure out how to set up sudoers to allow members of the
UNIX "system" group to use only the command "sudo" to switch to root (same
as `su -`) without being prompted for a password.
I have seen this done at other sites.
Thanks.
John
---------------------------------------------------------------------------------------------
Summary:
Thanks to all who replied.
First, it was correctly pointed out that implementing this has significant
security ramifications. It effectively makes having a root password
useless, in that anyone who gets the password for a user who is a member of
the system group can obtain root access without the root password.
That said, I was looking at this as an exercise with no immediate intention
of doing this on an active system. And after evaluating the security issue,
I do not recommend this.
To set this up, I used visudo to enter the following in /etc/sudoers:

    # User alias specification
    User_Alias SYSTEM =%system
    # User privilege specification
    SYSTEM ALL = NOPASSWD: /usr/bin/su

In /etc/profile (we use ksh). (This could also be in each member of the
system group's .profile to prevent non-system group users from having the
alias defined.)

    # Define aliases
    alias sudo='/usr/local/bin/sudo /usr/bin/su -'

With this, any member of the UNIX system group can type "sudo" and become
root without entering a password.
John
Received on Wed Oct 10 2001 - 13:53:04 NZDT
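
Added example, not part of the original post: a small Python audit that reads sudoers text and reports rules like the one above, where a NOPASSWD tag covers su, a shell, or ALL, with User_Alias names resolved to their members. The function name, the ROOT_EQUIVALENT list, and the two contrast entries in the sample are assumptions made for illustration.

```python
import re

# Commands that yield a root shell under sudo (assumed list; extend per site).
ROOT_EQUIVALENT = {"ALL", "su", "sh", "ksh", "bash", "csh", "zsh"}

# Constructed sample: the alias and the SYSTEM rule are the entries from the
# post; the last two rules are constructed contrast cases.
SAMPLE = """\
# User alias specification
User_Alias SYSTEM =%system
# User privilege specification
SYSTEM ALL = NOPASSWD: /usr/bin/su
backup ALL = NOPASSWD: /usr/bin/rsync
%wheel ALL = (root) /usr/bin/su
"""

def audit_sudoers(text):
    """Return (principals, command) pairs granting passwordless root-equivalent access.

    Simplified: one host per rule, no #include, no Cmnd_Alias expansion,
    no commas inside a (runas) list.
    """
    text = text.replace("\\\n", " ")  # join continuation lines
    lines = [l.split("#", 1)[0].strip() for l in text.splitlines()]
    lines = [l for l in lines if l]
    aliases = {}
    for line in lines:
        m = re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [x.strip() for x in m.group(2).split(",")]
    findings = []
    for line in lines:
        if re.match(r"(\w+_Alias|Defaults)\b", line) or "=" not in line:
            continue
        who_hosts, cmds = line.split("=", 1)
        users = [u.strip() for u in who_hosts.rsplit(None, 1)[0].split(",")]
        principals = [p for u in users for p in aliases.get(u, [u])]
        nopasswd = False
        for cmd in cmds.split(","):
            cmd = re.sub(r"^\s*\([^)]*\)\s*", "", cmd.strip())  # drop (runas)
            # A tag such as NOPASSWD: stays in effect for later commands in the list.
            while (tag := re.match(r"(\w+):\s*", cmd)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            name = cmd.split()[0].rsplit("/", 1)[-1] if cmd.split() else ""
            if nopasswd and name in ROOT_EQUIVALENT:
                findings.append((principals, cmd))
    return findings
```

On the sample, only the SYSTEM rule is reported, attributed to %system; the rsync rule and the password-protected %wheel rule are not.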