Hello, I have a question for the esteemed group.
Namely, there is a small server that gives access to about 70 people. Until now I was the only person managing it; now there are more of us :)
So I created an account named technicy and tried to give it rights to perform specific operations by adding entries in sudo, but it is a massive failure, nothing works.
On the server there is a firewall directory that contains all the needed files, and bandwidth sharing is done by niceshaper, which is in the /etc/ directory.
How do I make the technicy account have the right to perform specific operations (adding MACs, restarting dhcp, dividing bandwidth, restarting niceshaper)?
When setting up this server I used this thread: http://dug.net.pl/texty/masq.php. I would rather avoid giving out the root account.
Please help.
Offline
visudo ->
technicy ALL=(ALL) ALL
Last edited by lis6502 (2009-01-21 19:32:38)
Offline
[quote=lis6502]visudo ->
technicy ALL=(ALL) ALL[/quote]
They would get the same rights as root, and that is what I want to avoid; above all I want to protect the root account.
Offline
Unless you mean something different: that the technicians should be able to run some, but not all, programs, for example from sbin. For that you would have to add /sbin, /usr/sbin and so on to the technicians' PATH, and ideally set group execute permissions for specific programs and for the configs in /etc.
Edit: It can be done more simply after all. Read the sudoers man page; it nicely describes how to add commands for unprivileged users.
Last edited by lis6502 (2009-01-21 19:34:58)
Offline
I tried to do it through sudo like this:
my sudoers
User_Alias TECHNICY_USER=technicy
# Cmnd alias specification
Cmnd_Alias TECHNICY=/firewall/add_host, /firewall/users.list, /firewall/shit.list, /sbin/reboot, /usr/local/bin/niceshaper, /lib/iptables, /sbin/iptables, /etc/init.d/dhcp, /proc/sys/net/ipv4/ip_forwad, /etc/init.d/firewall
# User privilege specification
root ALL=(ALL) ALL
TECHNICY_USER ALL = NOPASSWD: TECHNICY
in the technicy user's profile I made aliases
alias niceshaper='sudo /usr/local/bin/niceshaper'
alias add_host='sudo /firewall/add_host'
alias users.list='sudo /firewall/users.list'
alias shit.list='sudo /firewall/shit.list'
alias dhcp='sudo /etc/init.d/dhcp'
alias ip_forwad='sudo /proc/sys/net/ipv4/ip_forwad'
alias iptables='sudo /sbin/iptables'
alias firewall='sudo /etc/init.d/firewall'
I gave 777 permissions to the relevant files and directories
however, when trying to run the add_host file I get the message
and also that for the dhcp server the command was not found. Can someone guide me on how to make it so that they can run this specific program?
Last edited by Zawracki (2009-01-21 19:42:25)
Offline
[quote=Zawracki]
User_Alias TECHNICY_USER=technicy
[/quote]
Have you ever heard of groups?
[quote=Zawracki]I gave 777 permissions to the relevant files and directories[/quote]
Then take them off as quickly as possible, so that some user doesn't do a /sbin/reboot on you. Things like this are handled with [tt]chown[/tt] and appropriate group permissions.
[quote=Zawracki]however, when trying to run the add_host file I get the message
/etc/init.d/firewall: line 28: iptables: command not found
[/quote]
I am strangely convinced that in the file [tt]/etc/init.d/firewall[/tt] the path to [i]iptables[/i] is relative / relying on $PATH.
Offline
Well, I was just looking for something about groups, but it throws up a mass of garbage and nothing else. Can someone give an example of how to do it?
Offline
Did you look at this?
man group
man groups
Offline
[quote=fnmirk]Did you look at this?
man group
man groups
[/quote]
Unfortunately there isn't much there on the topic I need.
Can someone give an example of how to give the technicy account permission to execute certain directories and programs?
Thank you
Offline
just for executing, it's this:
* the accounts of the users who are to have such permissions belong to the group "technicy" as their primary or supplementary group
* the owning group of the files/directories in question is the group "technicy"
* the files/directories in question have the appropriate permissions for the group (the middle field of the access rights)
and with sudo we can let them run a chosen command with root rights via e.g.:
%technicy ALL=(ALL) /moja/wspania/komenda
Offline
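An added example, not part of the thread: a small POSIX shell audit that vets each path before it goes into a sudoers command list, covering the points raised above (entries that are not commands, 777 permissions, and a root-run script calling iptables by bare name). The function names check_sudo_cmd and bare_calls are hypothetical, and the checks are deliberately strict: any group or world write bit on the file or its directory is flagged.

```shell
#!/bin/sh
# Added example: vet paths before listing them in a sudoers command list.

# Print a verdict for one path; return 0 only if it is reasonable to
# let a group run it as root through sudo.
check_sudo_cmd() {
    p=$1
    case $p in
        /*) ;;                                   # sudoers wants full paths
        *) echo "relative-path"; return 1 ;;
    esac
    [ -e "$p" ] || { echo "missing"; return 1; }
    # Directories and data files are not commands.
    [ -f "$p" ] || { echo "not-a-regular-file"; return 1; }
    [ -x "$p" ] || { echo "not-executable"; return 1; }
    # A file run as root that non-root users can rewrite (e.g. mode 777)
    # gives them root; so does a directory where it can be swapped out.
    dir=$(dirname "$p")
    for target in "$p" "$dir"; do
        # -L: judge the target of a symlink, not the link itself.
        if [ -n "$(find -L "$target" -prune \
                \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "writable-by-group-or-others: $target"
            return 1
        fi
    done
    echo "ok"
}

# Count lines of script $1 that invoke command $2 by bare name and so
# depend on $PATH; under sudo that PATH may lack /sbin, which produces
# "command not found" for every such line.
bare_calls() {
    grep -cE "^[[:space:]]*$2([[:space:]]|\$)" "$1" || true
}

# Usage: sh audit.sh /sbin/iptables /etc/init.d/firewall ...
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(check_sudo_cmd "$p")"
done
```

Scripts that report bare calls can either use the full path to the binary or set PATH explicitly at the top of the script.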