
    Can someone help explain this alias part to me?

    IT Discussion
    sudoers least permission
    • IRJ

      I am looking at this tutorial and trying to figure out how I add my user to the alias group "SUDOER" as in the example. It seems like the sudoers file is missing at least one line.

      e744f8af-314a-498c-a386-0985b70c2b44-image.png

      Do I need to add something like this?

      User_Alias SUDOER = accountname
      

      I don't know what they are trying to accomplish with:

      User_Alias SUDOER = higher_priveleged
      

      Are they just saying that is where the username is supposed to go?

      • travisdh1 @IRJ

        @IRJ That User_Alias is just another way to group users together within the sudoers file. Just ignore that part and use the standard system groups if you need to grant sudo permissions to multiple people. Typically wheel.

        Within the sudoers file, uncomment or add

         %wheel        ALL=(ALL)       ALL
        

        Then add users to the wheel group

        usermod -aG wheel USERNAME
        

        That should be it, unless you need to lock things down to only running certain programs. Which is still simple, but gets tedious if you aren't managing servers with a state management system of some sort.

        • IRJ @travisdh1

          @travisdh1 said in Can someone help explain this alias part to me?:

          @IRJ That User_Alias is just another way to group users together within the sudoers file. Just ignore that part and use the standard system groups if you need to grant sudo permissions to multiple people. Typically wheel.

          Within the sudoers file, uncomment or add

           %wheel        ALL=(ALL)       ALL
          

          Then add users to the wheel group

          usermod -aG wheel USERNAME
          

          That should be it, unless you need to lock things down to only running certain programs. Which is still simple, but gets tedious if you aren't managing servers with a state management system of some sort.

          Yeah I am trying to use minimum permission on this account. I will use groups instead of the alias thing though. Good idea

          • IRJ

            This is actually a decent explanation of what I am trying to do:

            https://community.spiceworks.com/topic/108735-scanning-linux-devices-with-non-root-user

            • travisdh1 @IRJ

              @IRJ said in Can someone help explain this alias part to me?:

              This is actually a decent explanation of what I am trying to do:

              https://community.spiceworks.com/topic/108735-scanning-linux-devices-with-non-root-user

              That original one, while technically correct, seems purposely made more difficult to me.

              Ugh, that 🌶 thread, don't name your custom script the same thing as the program being run, FFS.

              This is where I have to ask, what exactly are you trying to accomplish? Just grab system information with dmidecode, or something different?

              • IRJ @travisdh1

                @travisdh1 said in Can someone help explain this alias part to me?:

                @IRJ said in Can someone help explain this alias part to me?:

                This is actually a decent explanation of what I am trying to do:

                https://community.spiceworks.com/topic/108735-scanning-linux-devices-with-non-root-user

                That original one, while technically correct, seems purposely made more difficult to me.

                Ugh, that 🌶 thread, don't name your custom script the same thing as the program being run, FFS.

                This is where I have to ask, what exactly are you trying to accomplish? Just grab system information with dmidecode, or something different?

                https://www.tenable.com/blog/configuring-least-privilege-ssh-scans-with-nessus

                • travisdh1 @IRJ

                  @IRJ said in Can someone help explain this alias part to me?:

                  @travisdh1 said in Can someone help explain this alias part to me?:

                  @IRJ said in Can someone help explain this alias part to me?:

                  This is actually a decent explanation of what I am trying to do:

                  https://community.spiceworks.com/topic/108735-scanning-linux-devices-with-non-root-user

                  That original one, while technically correct, seems purposely made more difficult to me.

                  Ugh, that 🌶 thread, don't name your custom script the same thing as the program being run, FFS.

                  This is where I have to ask, what exactly are you trying to accomplish? Just grab system information with dmidecode, or something different?

                  https://www.tenable.com/blog/configuring-least-privilege-ssh-scans-with-nessus

                  All right, not the greatest tutorial/how-to ever. You should only need a single user to accomplish this, so the whole group and alias conversation is pointless.

                  Just follow the rest of that tutorial, adding only the needed programs to the sudoers file.

                  nessus_user ALL=NOPASSWD: /usr/bin/program1, /usr/bin/program2
                  
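An added example, not part of any post in this thread: a shell sketch that renders the `User_Alias` line the original question asked about together with a command-limited `NOPASSWD` rule, and installs it only after `visudo` has checked the syntax. The helper names `render_rule` and `install_rule` are hypothetical; `SUDOER`, `accountname`, `program1` and `program2` are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example: render and install a least-privilege sudoers drop-in.
# render_rule and install_rule are hypothetical helper names.
LC_ALL=C; export LC_ALL   # make [A-Z] ranges match ASCII upper case only

# render_rule ALIAS USERS CMD... : print a User_Alias plus a NOPASSWD rule
# limited to the listed commands. USERS is comma-separated, without spaces.
render_rule() {
    [ "$#" -ge 3 ] || { echo "usage: render_rule ALIAS USERS CMD..." >&2; return 1; }
    alias_name=$1 users=$2
    shift 2
    # sudoers alias names: upper-case letter first, then A-Z, 0-9 or "_".
    case $alias_name in
        ''|[!A-Z]*|*[!A-Z0-9_]*) echo "bad alias: $alias_name" >&2; return 1 ;;
    esac
    case $users in
        ''|*[!A-Za-z0-9_.,-]*) echo "bad user list: $users" >&2; return 1 ;;
    esac
    cmds=
    for c in "$@"; do
        # Accept only absolute paths without wildcards, commas or spaces,
        # so "ALL", "dmidecode" or "/usr/bin/*" can never slip into the rule.
        case $c in
            *[*?,]*|*" "*) echo "unsafe command: $c" >&2; return 1 ;;
            /*) ;;
            *) echo "not an absolute path: $c" >&2; return 1 ;;
        esac
        cmds=${cmds:+$cmds, }$c
    done
    printf 'User_Alias %s = %s\n%s ALL=NOPASSWD: %s\n' \
        "$alias_name" "$users" "$alias_name" "$cmds"
}

# install_rule FILE NAME : syntax-check FILE, then install it as
# /etc/sudoers.d/NAME (root-owned, 0440). Needs root; NAME must not
# contain "." or end in "~", or sudo skips the file.
install_rule() {
    visudo -cf "$1" || return 1
    install -o root -g root -m 0440 "$1" "/etc/sudoers.d/$2"
}

# Constructed sample using the placeholder names from the thread.
render_rule SUDOER accountname /usr/bin/program1 /usr/bin/program2
```

Redirect the rendered text to a temporary file and pass that file to `install_rule` as root; a file that fails `visudo -cf` is never copied into `/etc/sudoers.d`.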