Solved: Adding commands to sudoers

johnswb · ‎12-12-2007

I've successfully added a few commands to /etc/sudoers and now I would like to add ifconfig. Most of the commands I see are in /usr/bin & /usr/sbin, but I don't see ifconfig. How do I give sudo access to run "sudo ifconfig" and is there a list of all commands that can be added?

Will Johnson VCP on VI3 / VI4 vSphere 5

formulator · ‎12-12-2007

You want to append :/sbin to the line. So you would change the line PATH=$PATH:$HOME/bin to read:

PATH=$PATH:$HOME/bin:/sbin

View solution in original post

petedr · ‎12-12-2007

ifconfig is in /sbin, can you add a cmd alias to /sbin/ifconfig

www.thevirtualheadline.com www.liquidwarelabs.com

johnswb · ‎12-12-2007

I see it in /sbin but I do not see it in /usr/sbin. From what I understand adding commands to /etc/sudoers should only be from /usr/sbin or /usr/bin. Adding from just bin / sbin is a security problem. Is that not correct?

Will Johnson VCP on VI3 / VI4 vSphere 5

petedr · ‎12-12-2007

I am not sure if it is a security issue adding /sbin or not, maybe someone else can comment.

If that is a concern maybe you can create a symbolic link in /usr/sbin to point to the correct command

ln -s /sbin/ifconfig /usr/sbin/link_ifconfig ( link_ifconfig is just a name I picked, it could be anything, you could probably call it ifconfig even ).

not totally sure if this will work but think it should.

www.thevirtualheadline.com www.liquidwarelabs.com

mcowger · ‎12-12-2007

adding from /sbin as compared to /usr/sbin is no different from a security stance. What matters is the command itself, not phsyically where it is.

--Matt VCDX #52 blog.cowger.us

formulator · ‎12-12-2007

Definately not a security risk.

BTW, I'm not sure exaclty what you want to accomplish but just to view interface config with ifconfig you do not need to have root access. There for the is no reason to add it to sudoers if you just want to view config. If you want to make interface config changes with ifconfig then you need to add it to sudoers.

johnswb · ‎12-12-2007

If I logon to the host with the user I created I am unable to run "ifconfig" I get the follwoing.

"-bash: ifconfig: command not found"

I have to switch to root in order to run the command.

Will Johnson VCP on VI3 / VI4 vSphere 5

formulator · ‎12-12-2007

that's because /sbin is not in your $PATH

try:

/sbin/ifconfig

To expand on this, you can type "echo $PATH" to see what $PATH is set to for your current user. You will notice that /sbin is not there, so that means when you type "ifconfig" you are not looking in /sbin for the file ifconfig. If you want to add /sbin you can edit .bash_profile in your home directory. Find the line that begins "PATH=" and append ":/sbin", then logout and back in now if you type "ifconfig" you will get back output and if you type "echo $PATH" you will see that /sbin is now included.

johnswb · ‎12-12-2007

currently I see

"PATH=$PATH:$HOME/bin"

do I add the following below what I already have?

"PATH=$PATH:$HOME/sbin"

Will Johnson VCP on VI3 / VI4 vSphere 5

formulator · ‎12-12-2007

You want to append :/sbin to the line. So you would change the line PATH=$PATH:$HOME/bin to read:

PATH=$PATH:$HOME/bin:/sbin

mcowger · ‎12-12-2007

Change you path to:

$PATH:/sbin:/bin

--Matt VCDX #52 blog.cowger.us

johnswb · ‎12-13-2007

Thanks guys... that did the trick.

Will Johnson VCP on VI3 / VI4 vSphere 5

petedr · ‎12-13-2007

Cool it worked out and was just a path issue

www.thevirtualheadline.com www.liquidwarelabs.com

johnswb · ‎12-13-2007

Yes it was just a path issue. We have several people logging on to the host and I do not want them using root for obvious reasons. So I'm trying to get all the basic commands working in sudo in case they/we need info from the host via ssh or standing in front of the box.

Will Johnson VCP on VI3 / VI4 vSphere 5

petedr · ‎12-13-2007

sounds like a good plan

www.thevirtualheadline.com www.liquidwarelabs.com

All

Adding commands to sudoers