usage of sudoers file?

All,

I have sudo setup installed on my Soalris 10 box. Everything working fine as expected. I would like to setup granular level access for one of the user

I use Rational Clearcase application which has its own command prompt /usr/atria/bin/cleartool

Once i invloked i can run its subcommand something like

cleartool> (from here it has lots of sub command)

What i need,

Is there anyway i can speficy in sudoers file such that only following sub command can be executed and other sub command cannot be executed.

/usr/atria/bin/cleartool lsvob
/usr/atria/bin/cleartool lsview

Thanks
Bala

The concept behind SUDO is to allow users to run applications with privileges they normally would not have. So, if you want a user to have access to a command, you would put that command in the sudoers file. Then, by default, the user would not be able to run the other commands with elevated privileges.

I'm not sure how you would prevent a user from using a command with sudo.

HTH

If you specify a command with options/parameters, the associated user(s)/group(s) can only run this command with these exact parameters. If you further specify the path, only this exact command can be run.

An example:

user1 ALL=NOPASSWD: /usr/atria/bin/cleartool lsvob, /usr/atria/bin/cleartool lsview

This will allow user1 to run these two commands as they are without a password. It will not allow any other command, or running cleartool without a command line argument.

Thanks for your response.

After lsvob there will be variable. In this case how do i specify

ex:
/usr/atria/bin/cleartool lsvob /vob/repo1
/usr/atria/bin/cleartool lsvob /vob/repo2
/usr/atria/bin/cleartool lsview myview@host
/usr/atria/bin/cleartool lsview otherview@otherhost

Is there any way i can specify like this

user1 ALL=NOPASSWD: /usr/atria/bin/cleartool lsvob *, /usr/atria/bin/cleartool lsview *

(* = any other parameters)

Thanks
Bala

yes. i suggest you read the sudoers documentation. there is plenty of examples.