Re: [hobbit] Some newbie help

[Rob Munsch <rmunsch (at) solutionsforprogress.com>]

yah well, fair 'nuff.  this is system administration after all, and i 
suppose every absolute final statement has an "....except when:" after 
it :D.

It was just the bare one-liner 'make hobbit a sudoer' that freaked me 
out a lil.  Certainly for fping it isn't necessary, and your example 
shows specifically how to keep it reined in when it is (sorry, lars, i 
don't mean to pick on you...). 

Scheblein, Adam wrote:

> This is not possible all the time however (and when I was talking about
> wheel before I meant on the server only)  On the client side, on some of
> our boxes, in order to get swap information or some other information
> from TOP we need to run it as sudo,  in which case then I have put the
> following into the sudoers file on the client servers ;)
>
> hobbit		ALL = /usr/local/bin/top, /usr/sbin/swapinfo,\
> /usr/users/hobbit/client/bin/hpux-meminfo
>
> Adam
>
> -----Original Message-----
> From: Rob Munsch [mailto:rmunsch (at) solutionsforprogress.com] 
> Sent: Thursday, January 19, 2006 12:20 PM
> To: hobbit (at) hswn.dk
> Subject: Re: [hobbit] Some newbie help
>
> I have to really, really, really, strongly disagree with this in heavily
>
> emphasized bold type.
>
> With a monitor running on every important machine, one of the things I 
> like is that only the hobbit user can run hobbit, and the hobbit user 
> can't do anything else - including sudo.  It's important not to let 
> 'little holes' like this pile up.  The pile gets large rapidly.
>
> I could go on at length about specifics but i'll leave that to your 
> local security list.  No one except no one should be in sudoers except 
> those that consistently need root privs and use them responsibly.  
> Preferably trusted humans!
>
> lars ebeling wrote:
>
>  
>
> > You should add user hobbit to sudoers.
> >
> > Lars
> >
> >    ----- Original Message -----
> >    *From:* David Gilmore <mailto:david (at) stenhouseconsulting.com>
> >    *To:* hobbit (at) hswn.dk <mailto:hobbit (at) hswn.dk>
> >    *Sent:* Wednesday, January 18, 2006 7:29 PM
> >    *Subject:* [hobbit] Some newbie help
> >
> >    Can anyone help out a Linux newb with this error?
> >     
> >    Execution of '/usr/local/sbin/fping -Ae' failed - program not suid
> >    root?
> >
> >    I am migrating our monitoring from BB installed on Windows to
> >    Hobbit on Linux.  I was able to successfully install FC4, all of
> >    the Hobbit subcomponents, and Hobbit.  Just this one error has me
> >    stumped.  I thought I corrected it by adding hobbit to the WHEEL
> >    group on FC and then editing sudoers file to uncomment WHEEL, but
> >    I still have the error.
> >     
> >    David Gilmore
> >    Consultant
> >    Stenhouse Consulting, LLC.
> >    4 Traverse St
> >    Providence, RI   02906
> >    401.453.6900
> >    401.454.7581 (fax)
> >     
> >
> >    
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe (at) hswn.dk
>
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe (at) hswn.dk
>
>
>