If the syntax in your sudoers file is
For example, suppose I trust user “chris” to run absolutely any command as root, on any system. chris ALL = ALL Giving a single junior sysadmin total control of one of my systems isn’t very likely. As Chris works for me, I know what duties I have assigned him and exactly what commands I want him to be able to run. Suppose Chris is in charge of the nameserver portion of this system. We control actual editing of the zone files with group permissions, but that won’t help when the nameserver must be started, reloaded, or stopped. Here, I’ll give him permission to run just the name daemon controller program, ndc(8), on any machine. chris ALL = /usr/sbin/ndc If I’m sharing this file across several machines, it’s quite probable that many of those machines are not even running a nameserver program. Here, I’ll restrict which machine Chris may run this program on to the server called “dns1.” chris dns1 = /usr/sbin/ndc On the other hand, Chris is the administrator of the email server “mail1.” This server is his responsibility, and he can run any commands on it whatsoever. I can set entirely different permissions for him on the mail server and yet use the same sudoers file on all the systems. chris dns1 = /usr/sbin/ndc chris mail = ALL Multiple Entries in a Field You can specify multiple entries in a single field by separating them with commas. Here, I’d like Chris to be able to mount floppy disks with mount(8), as well as control the nameserver. chris dns1 = /usr/sbin/ndc, /bin/mount Running Commands as Non-root Users You can specify a username in parentheses before a command to say that the user can use sudo to run those commands as that particular user. For example, suppose we have our nameserver set to run as the user “named,” and all commands to control the server must be run as that user. chris dns1 = (named) /usr/sbin/ndc /etc/sudoer Aliases As you can imagine, once you have several different machines with multiple administrators with different levels of privilege, this gets complicated very quickly. When you have a few users with identical privileges, and large lists of commands that you’d like them to be able to use, maintenance becomes a challenge, as you have to wade through long lists of users, commands, and machines. Aliases can simplify these tasks and greatly clean up your sudo(8) configuration. Basically, an alias is a group of users, hosts, or commands. When a user’s duties change, you can just add them to the appropriate user alias to give them correct privileges. If you want your system operators to be able to back up the system but not restore data, you can remove restore(8) from their command alias. When you install a new server, adding the server name to the proper server alias will allow you to instantly give sysadmins the proper permissions to do their jobs. An alias must be defined before it can appear in the sudoers file. For that reason, aliases generally Page 152
Hint: If you are looking for very good and affordable webspace to host and run your j2ee hosting application check Virtualwebstudio j2ee web hosting services