Restricting root to specific network while leaving other accounts unaffected

Walter Dnes waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Mon Jul 15 01:26:40 UTC 2013


On Sun, Jul 14, 2013 at 08:51:07PM -0400, Anthony Verevkin wrote
> 
> > From: "William Muriithi" <william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
> 
> > Sudo only works locally so I don't see
> > how it can be useful.
> 
> Sudo does not only work locally. You can ssh to the server and sudo there.

  Very true.  My "hot backup" machine is "d531" (a Dell Dimension 530),
and my main desktop is "i660" (a Dell Inspiron 660).  I can shut down
d531 from i660 with the command...

ssh waltdnes@d531 sudo /sbin/poweroff

  Actually, I put it in a script on i660 as ~/bin/stop531 which is a lot
easier to remember.  The machine d531 has the line...

waltdnes  d531 = (root) NOPASSWD: /sbin/poweroff

...in /etc/sudoers.d/001 in order to allow this.  You can have a special
"admin" user with only regular privileges on your target machine.  And
specify in files in /etc/sudoers.d/ exactly what commands it's allowed
to execute as root.

-- 
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org>
I don't run "desktop environments"; I run useful applications
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
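
Added example, not part of the original post: one way to install the kind of
rule described above for a dedicated low-privilege account, staging it and
checking it with visudo before it goes live. The user name "admin", the file
name "010-admin-poweroff" and the function names are assumptions; a Linux
target with GNU install is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). "admin" and the drop-in name
# "010-admin-poweroff" are assumed placeholders.

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so a rule saved as "001.conf" is silently ignored.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*"~"|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Render one rule: user, host, and a single absolute command path.
render_rule() {
    user=$1 host=$2 cmd=$3
    case "$cmd" in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    printf '%s  %s = (root) NOPASSWD: %s\n' "$user" "$host" "$cmd"
}

# Stage the rule, syntax-check it, then install it root-owned, mode 0440.
# A drop-in with a syntax error can lock everyone out of sudo, so nothing
# is written to the live directory unless visudo accepts the staged file.
install_rule() {
    name=$1; shift
    valid_dropin_name "$name" || { echo "sudo would ignore: $name" >&2; return 1; }
    tmp=$(mktemp) || return 1
    render_rule "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if visudo -cf "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "${SUDOERS_DIR:-/etc/sudoers.d}/$name"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (as root on d531):
#   install_rule 010-admin-poweroff admin d531 /sbin/poweroff
```

Afterwards, "sudo -l -U admin" run as root on the target lists exactly what
that account may execute.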




