I want to edit my sudoers file so users have different privileges based on where they are logging in from. I want to have 3 different locations: External network(internet), internal(local lan) and the console(user sitting in front of the computer).
defining external and internal would be something like:
Host_Alias PRIVNET = 10.6.66.0/25, 10.6.67.128/28
But how do I define the console?
I donĀ“t want a user to be able to make changes to the firewall or sudoers for example, if he is not on location if something goes wrong or maybe even if his account is compromised.
I just want to make sure that the user is nearby when making critical changes.
Best Answer
The sudoers Host definition (and thus Host_Alias) is meant for defining which hosts this sudoers file entry applies for. In other words, it defines what rights users have on this host, not from which hosts they have these rights. (iirc)
So, to make a long story short, what you want to do, cannot be done with a sudoers entry.