From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pradeep Kumar Sadanapalli Subject: Re: Sudo Date: Thu, 19 Jun 2003 14:08:00 -0700 (PDT) Sender: linux-admin-owner@vger.kernel.org Message-ID: <20030619210801.298A0445D@sitemail.everyone.net> Reply-To: spradeep@ceeby.com Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline List-Id: Content-Type: text/plain; charset="us-ascii" To: Subhash Bhushan , spradeep@ceeby.com Cc: linux-admin@vger.kernel.org Thanks subhash for guiding me in the right direction and thank you all for all your responses . This is what I did. In the sudoers file,I added this " #To restrict the user in installing any rpm starting with abc Cmnd_Alias NOACCESS = /bin/rpm *abc* user1 host-name=NOACCESS " Now the user 'user1' will not be able to install/uninstall/query any rpm package that has abc in it. But the problem is , say user1 wants to install abc.rpm and as he is restricted , he/she cannot install. But there is one way. If the user changes the name of the rpm, say "cp abc.rpm xyz.rpm" and then user1 can easily install xyz.rpm . And if you login as root and query for the package abc.rpm, it says abc.rpm is installed , even though the user has installed it with a different name. How to get rid of this? Is it possible to detect which rpm package is going t o be installed , even if it's name is changed, by somehow looking into internal packages or something like that. Please help me with this. I hope I made my point clear. Thanks a lot in advance.... --- "Subhash Bhushan" wrote: >>From: Pradeep Kumar Sadanapalli >>Reply-To: spradeep@ceeby.com >>To: linux-admin@vger.kernel.org >>Subject: Sudo >>Date: Tue, 17 Jun 2003 20:16:59 -0700 (PDT) >> >>Hi, >>I have given sudo rights to a user for the command "rpm" . but within rpm, >>I want to keep some restrictions. For example, the user should not be able >>to run "rpm" to install a package I wish, say "abc.rpm" . >> >>That means "sudo rpm -ivh any.rpm" should work except "sudo rpm -ivh >>abc.rpm" >> >>Is it possible? If so, please help me out how to do this. I hope I am clear >>with what I intend to do . >> >>Thanks in advance.... >> > > >Specify a command alias with the specific rpm command that you want to deny. >Specify a user alias for all the users you want to prevent from running this >command. >In the user previlege specification, negate the permission for the running >the command for those users. > >The trick is to specify the complete command in the command alias. Be >careful not to allow any combinations of rpm command to be able to run with >that specific rpm. > >Subhash Bhushan. > > > >_____________________________________________________________ >>Search - Browse - Communicate >>http://www.ceeby.com >>Best Meta Search Engine on the Web. >> >>_____________________________________________________________ >>Select your own custom email address for FREE! Get you@yourchoice.com, No >>Ads, 6MB, IMAP, POP, SMTP & more! >>http://www.everyone.net/selectmail?campaign=tag >>- >>To unsubscribe from this list: send the line "unsubscribe linux-admin" in >>the body of a message to majordomo@vger.kernel.org >>More majordomo info at http://vger.kernel.org/majordomo-info.html > >_________________________________________________________________ >Bollywood's back! Will June keep up the tempo? >http://server1.msn.co.in/features/junemovies03/index.asp _____________________________________________________________ Search - Browse - Communicate http://www.ceeby.com Best Meta Search Engine on the Web. _____________________________________________________________ Select your own custom email address for FREE! Get you@yourchoice.com, No Ads, 6MB, IMAP, POP, SMTP & more! http://www.everyone.net/selectmail?campaign=tag