Editing a named.conf file when root is the owner

Status
Not open for further replies.

menace212

Programmer
Jul 11, 2003
144
US
I'm attempting to edit the named.conf file under the etc directory, but the problem is root is the owner and it only allows me read-only access. Even though I'm in the (sysadm) group it still won't allow write access to the file in question. Is there a way I can get around this without being root? Is it wise to attempt to change the ownership of the file?
 
It is never wise to change ownership of a file like named.conf. It is owned by root for a reason.

And in any event, unless you are root, you aren't going to be able to change ownership or chmod it anyway.
 
If you are required to "officially" modify the named.conf file it is likely that you will also need to have access to the zone files to modify also.... ?

If you have been made DNS Master then you will need to ask your (root) sysadmin 'nicely' to set you up in the sudoers file, which "if set correctly" will allow you root privilege to modify the files. Note: Any changes made will also require a restart of named, this will also require you to have (sudo) root access, so ask sysadmin to allow you this also.

If your system does not have sudo then you're stumped! What is it in the (named.conf) that you're trying to do anyway?

Good Luck,
Laurie.
 
You hit it right on the head: ask the sys admin nicely.... I'm attempting to add another zone file and you're right, I need access to modify the host file as well.


sudo huh... Explain how that will work again.... Even if I use sudo I will still need the root password to gain access to modify the file, right?
 

Yes, you will need the root password to su over to have root access.

Cheers!

 
No, sudo is a program that has a configuration file, "sudoers". In this file root can set up a very granular configuration that will allow you as a normal user to run various commands as "su root" (wait for it) and you are only prompted to use "your" password!

so you would do something on the lines of:

sudo vi /etc/named.conf
You get prompted for a password once, then for a specified time you can pop in and out of that file with: sudo vi /etc/named.conf without being prompted again.

The configuration is so granular that root could only allow you to edit the named.conf, yourdomain.zone & mydomain.zone files out of 100 files within that directory and allow you to restart named only between the hours of 08:00-17:00.

Ok, I'm not an expert so take a look at Blah ... wish I hadn't written all that now, it's much better described here:

Good Luck,
Laurie.
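What a rule of the kind described above could look like, as an added example that is not part of the original thread. The login name `menace212`, the `/var/named` zone directory and the `/usr/sbin/rndc` path are assumptions. It grants `sudoedit` on the three files rather than `sudo vi`, because an editor started as root can run other commands as root, while `sudoedit` runs the editor as the invoking user on a temporary copy.

```shell
#!/bin/sh
# Added example: write a sudoers drop-in for a DNS admin to a candidate file
# and syntax-check it before it is copied into /etc/sudoers.d by root.
# Assumed (not from the thread): user name, /var/named, /usr/sbin/rndc.

write_dns_sudoers() {
    # $1 = path of the candidate file to create
    cat > "$1" <<'EOF'
# DNS admin: edit three named files and reload named, nothing else.
Cmnd_Alias DNS_EDIT   = sudoedit /etc/named.conf, \
                        sudoedit /var/named/yourdomain.zone, \
                        sudoedit /var/named/mydomain.zone
Cmnd_Alias DNS_RELOAD = /usr/sbin/rndc reload, /usr/sbin/rndc reconfig
menace212 ALL = (root) DNS_EDIT, DNS_RELOAD
EOF
    chmod 0440 "$1"   # mode sudo expects for files under /etc/sudoers.d
}

check_dns_sudoers() {
    # visudo -c -f parses the given file only; nothing is installed.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null
    else
        echo "visudo not found; syntax not checked" >&2
    fi
}

# Demo: build the candidate in a temp file, check it, show it, clean up.
candidate=$(mktemp)
write_dns_sudoers "$candidate"
check_dns_sudoers "$candidate" || echo "syntax check failed" >&2
cat "$candidate"
rm -f "$candidate"
```

With this in place the user types `sudoedit /etc/named.conf` and is asked for their own password, not root's.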
 

I am not fond of the sudoer method only because someone only need get on as that user and they have that capability, at least with just su the person has to know the root password and technically means they are authorized because you told them the password.

Always more than one way to get a job done. Inherent risks either way I suppose...

Cheers!

 
At least with sudo you have a log of which user executed which command in which directory and at what time.

You may have some of the information in root's .sh_history file (if there is one), but there is no time stamp in .sh_history (as there is in the sudo log) so even if you require su'ing to root rather than direct login you can't be sure who executed which command when. (You'd be surprised the number of systems I've been on that allow you to log in directly as root.)

Also, figuring out which directory the user was in when a command was executed is sometimes important, but is tedious to figure out from the .sh_history. And finally, the .sh_history file is overwritten once it reaches a certain size, so you may lose an important record of a command.

It has been my experience that if you gain the sys admin's confidence and tell them what you need to do, they'll be more likely to give you root. If you go in demanding root and act cavalier toward the OS and its rules, you will never get root and will have a hard time getting sudo.
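The audit trail described in this post, as an added example that is not part of the original thread: a small filter that pulls time, user, working directory, outcome and command out of sudo's syslog lines. The sample lines are constructed (host `ns1` and the user name are assumptions), and the filter assumes the classic BSD syslog timestamp.

```shell
#!/bin/sh
# Added example: turn sudo syslog records into "time|user|pwd|outcome|command".

sample_log() {
    # Constructed sample lines in sudo's syslog format.
    cat <<'EOF'
Jul 11 09:14:02 ns1 sudo: menace212 : TTY=pts/3 ; PWD=/etc ; USER=root ; COMMAND=sudoedit /etc/named.conf
Jul 11 09:20:47 ns1 sudo: menace212 : TTY=pts/3 ; PWD=/var/named ; USER=root ; COMMAND=/usr/sbin/rndc reload
Jul 11 21:43:10 ns1 sudo: menace212 : command not allowed ; TTY=pts/5 ; PWD=/root ; USER=root ; COMMAND=/bin/sh
Jul 11 21:44:00 ns1 sshd[411]: unrelated line
EOF
}

sudo_audit() {
    # Reads syslog on stdin; prints one line per sudo command record.
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ && index($0, "COMMAND=") {
        ts = $1 " " $2 " " $3
        rec = $0
        sub(/^.* sudo(\[[0-9]+\])?: */, "", rec)   # drop the syslog prefix
        user = rec
        sub(/ : .*$/, "", user)                    # text before the first " : "
        rest = substr(rec, length(user) + 4)
        c = index(rest, "COMMAND=")
        cmd = substr(rest, c + 8)                  # COMMAND is last; keep it whole
        n = split(substr(rest, 1, c - 1), f, / ; /)
        pwd = ""; outcome = "allowed"
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^PWD=/) pwd = substr(f[i], 5)
            else if (f[i] != "" && f[i] !~ /^[A-Z]+=/) outcome = f[i]  # e.g. denial reason
        }
        print ts "|" user "|" pwd "|" outcome "|" cmd
    }'
}

sample_log | sudo_audit
```

Any record whose outcome is not `allowed` is a request sudo refused, which is the first thing to look at in a review.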
 
For a busy DNS Master sudo is the only practical answer.

As a sysadmin I know the pain of having user{s} calling up day after day needing root access, and then you have to change root password then change back when they've done, fill in the log to say who, when and why they needed root, then you can't be sure they didn't have a play while they were in there.

root is for root only, with sudo you can tie it down to one IP address (or a subnet if you wish) and know that your users can work freely in the environment they are expected to.

Yes, I agree one-offs do not justify setting up sudo, but for regular user access to system files it is worth the trouble.

Laurie.
 