Sudo that keeps the user's original home

Hello…

I'm stuck on a sudo configuration.

I'd like to be able to run sudo su while keeping my original home (so that, for example, I can keep my user's bash history, etc.).

Here is my sudoers:

[code]
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
Host_Alias FILESERVERS = fs1, fs2
Host_Alias MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
User_Alias ADMINS = jsmith, mikem

## Command Aliases
## These are groups of related commands...

## Networking
Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

## Delegating permissions
Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
Cmnd_Alias DRIVERS = /sbin/modprobe

## Defaults specification

## Disable "ssh hostname sudo ", because it will show the password in clear.
## You have to run "ssh -t hostname sudo ".
Defaults requiretty

## Refuse to run if unable to disable echo on the tty. This setting should also be
## changed in order to be able to use sudo without a tty. See requiretty above.
Defaults !visiblepw

## Preserving HOME has security implications since many programs
## use it when searching for configuration files.
Defaults always_set_home

Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

## Adding HOME to env_keep may enable a user to run unrestricted
## commands via sudo.
Defaults env_keep += "HOME"

Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
## user MACHINE=COMMANDS
## The COMMANDS section may have other options added to it.

## Allow root to run any commands anywhere
ALL ALL=(ALL) NOPASSWD: ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
%users localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
[/code]

My root's .bashrc:

[code]
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# Global variables
export PATH=/opt/ant/bin:/opt/jdk/bin:$PATH
export ANT_HOME=/opt/ant
export JAVA_HOME=/opt/jdk

# Various system settings
export LANG="en_US.UTF-8"
export EDITOR=/usr/bin/vim
export HISTTIMEFORMAT="%F %T "
export HISTFILE=~/.bash_history
export HISTSIZE=5000
export SAVEHIST=5000
export GREP_OPTIONS='--color=auto'
export GREP_COLOR='1;32'

# Aliases
alias dos2unix='dos2unix -k'
alias scp='scp -p'
alias rm='rm -i'
alias mv='mv -i'
alias cp='cp -ip'
alias ls='ls --color=auto'
alias ll='ls -la'
#alias top='top -c -d 05.00'
alias top='htop -d 50'
alias htop='htop -d 50'

# Colors used for prompt
NORMAL=$'\e[0m'
RED=$'\e[0;31m'
LRED=$'\e[1;31m'
GREEN=$'\e[0;32m'
LGREEN=$'\e[1;32m'
YELLOW=$'\e[0;33m'
LYELLOW=$'\e[1;33m'
BLUE=$'\e[0;34m'
LBLUE=$'\e[1;34m'
MAGENTA=$'\e[0;35m'
LMAGENTA=$'\e[1;35m'
CYAN=$'\e[0;36m'
LCYAN=$'\e[1;36m'
WHITE=$'\e[0;37m'
LWHITE=$'\e[1;37m'

# Prompt displayed as <17:18>[root@hostname:/opt]# with colors
#export PS1="$LBLUE<$CYAN\t$LBLUE>[$LRED\u@\h$LBLUE:$YELLOW\w$LBLUE]$LWHITE#$NORMAL "
export PS1="\[$LBLUE\]<\[$CYAN\]\t\[$LBLUE\]>[\[$LRED\]\u@\h\[$LBLUE\]:\[$YELLOW\]\w\[$LBLUE\]]\[$LWHITE\]#\[$NORMAL\] "
[/code]

What's the problem???

Hi,

I don't really understand your problem. Could you describe it in a bit more detail?

Actually, I'd like to be able to run sudo su (to become root) while keeping my user's history in his original home (so that the history does not end up in root's history).

Currently, with this configuration, I log in as user A, I type commands and they do end up in ~A/.bash_history.
I run sudo su, I type commands, but they end up in ~root/.bash_history, which I don't want (so that each user's commands can be clearly told apart).

Is that better?

Hi,
In the particular case of su, that must not be possible.
In this case, all sudo does is ask for the user's password in order to launch the su command (instead of the password of the user called by su, root if nothing is specified).
Once the session is opened with su, you are no longer the same user, so it is impossible to send the history back to the /home of whoever ran the command (su or sudo su).

Hi,

Yeah, thanks… that's what I thought… unfortunately…

I'll try to find a hack…

Actually, now that I think about it… if we can do without su… why not!

The goal is for the user to have root privileges while his history stays unique to him.

Ugly hack:

in my root's .bashrc

export HISTFILE=$PWD/.bash_history

Hi,
Yes, ugly…
It's better to put yourself in sudoers and type all your commands with sudo.
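
A variant of the HISTFILE idea from the thread that does not depend on $PWD, given here as an added example and not as code from any poster: root's .bashrc picks one history file per invoking account from SUDO_USER, which sudo sets and which survives `sudo su` (but not `su -`, which clears the environment). The directory HIST_BASE and the two function names are hypothetical, and account names are assumed to use only lowercase letters, digits, `_` and `-`.

```bash
# Added example for root's ~/.bashrc (bash); it takes the place of the line
# "export HISTFILE=~/.bash_history". HIST_BASE and both function names are
# hypothetical; SUDO_USER is the variable sudo sets to the invoking account.
HIST_BASE=${HIST_BASE:-/root/.history.d}

# Print the history file for the account named in $1, stored under directory $2.
# Returns 1 and prints the shared fallback "$2/root" when the name is empty,
# contains characters outside [a-z0-9_-] (so "/" and ".." never reach the
# path), or does not resolve to a local account.
histfile_for() {
    local who="$1" base="$2"
    case $who in
        ''|-*|*[!a-z0-9_-]*)
            printf '%s\n' "$base/root"; return 1 ;;
    esac
    if ! id -u "$who" >/dev/null 2>&1; then
        printf '%s\n' "$base/root"; return 1
    fi
    printf '%s\n' "$base/$who"
}

# Point this shell's history at the per-user file and flush after every command.
setup_history() {
    local base="$1" file
    file=$(histfile_for "${SUDO_USER:-}" "$base") || :  # fallback already printed
    (umask 077; mkdir -p "$base") || return 1           # root-only directory
    HISTFILE=$file
    HISTTIMEFORMAT='%F %T '
    if [ -n "${BASH_VERSION:-}" ]; then
        shopt -s histappend          # append, never overwrite the file
        PROMPT_COMMAND='history -a'  # write each command right after it ran
    fi
}

# Only interactive shells keep history.
case $- in
    *i*) setup_history "$HIST_BASE" ;;
esac
```

The files live in a root-owned directory rather than in each user's home, so root's shell never writes through a path the unprivileged account controls. A history file can still be edited by anyone who is root, so the entries sudo itself logs for each command run through it remain the record to rely on, which is what the last reply recommends.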