What is the purpose of the sudo facility?
The sudo facility allows specified users to run specific commands as root without having to know the root password.
What is the purpose of the sudoers file?
The sudoers file allows root to give other users on the system the ability to gain root access.
What caution should we take when giving users ability to run some commands as root?
- We should not give users access to programs that provide shell escape capability. This includes games and editors.
Sample configuration file
    # /etc/sudoers file
    # This file MUST be edited with the 'visudo' command as root.

    # User alias specification
    User_Alias PROG = khai, frank, bob

    # Defaults specification
    # timestamp_timeout is measured in minutes
    Defaults timestamp_timeout=3600
    Defaults logfile = /var/log/sudolog

    # User privileges specification
    root ALL=(ALL) ALL
    nagios ALL = NOPASSWD: /code/bin/maintenance.pl

    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL

    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL

    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users localhost=/sbin/shutdown -h now

    PROG ALL=(ALL) ALL
    khai ALL = NOPASSWD: /usr/bin/send_apache_log.pl, /usr/bin/send_mysql_log.pl
    robert ALL = NOPASSWD: /bin/chmod

    # Host specification:
    Host_Alias PHYSICS=hamlet, ophelia, laertes
    Host_Alias CHEM=duncan, puck, brutus

    # Command alias specification
    Cmnd_Alias MOUNT=/sbin/mount, /sbin/umount
    Cmnd_Alias SHUTDOWN=/sbin/shutdown

    # User specification
    root ALL=ALL
    chavez PHYSICS=MOUNT:CHEM=ALL
    harvey ALL=SHUTDOWN:achilles=/sbin/swapon
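The caution above about shell escapes can be checked mechanically. The following audit script is an added example, not part of the original notes: it expands Cmnd_Alias entries, handles the colon-separated host=command form shown above, and reports grants of editors, games or ALL. The editor list, the function names and the sample rules are assumptions made for illustration; line continuations and commas inside a (runas) list are not handled.

```python
import os
import re

# Illustrative, non-exhaustive list of editors (assumption, extend for your site).
EDITORS = {"vi", "vim", "nano", "emacs", "ed"}
# Optional "(runas)" prefix and tags such as "NOPASSWD:" before a command.
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*")

def classify(cmd):  # returns the reason a grant is risky, or None
    path = cmd.split()[0] if cmd else ""
    if cmd == "ALL":
        return "ALL grants every command"
    if os.path.basename(path) in EDITORS:
        return "editor"
    return "game" if "/games/" in path else None

def audit_sudoers(text):
    """Return sorted (user, command, reason) tuples for risky grants."""
    aliases, rules, findings = {}, [], set()
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "Defaults")):
            continue
        first, rest = (line.split(None, 1) + [""])[:2]
        if first == "Cmnd_Alias":
            name, _, members = rest.partition("=")
            aliases[name.strip()] = [m.strip() for m in members.split(",")]
        elif not first.endswith("_Alias") and first != "root":  # root is expected
            rules.append((first, rest))
    for user, rest in rules:
        # "host=cmds:host=cmds": split only on a colon that opens a new host list.
        for spec in re.split(r":(?=[^/:]*=)", rest):
            for item in spec.partition("=")[2].split(","):
                cmd = PREFIX.sub("", item.strip())
                for c in aliases.get(cmd, [cmd]):
                    if classify(c):
                        findings.add((user, c, classify(c)))
    return sorted(findings)

# Constructed sample; users, hosts and rules are hypothetical.
SAMPLE = """\
Cmnd_Alias EDIT=/usr/bin/vim, /bin/ed
Cmnd_Alias MOUNT=/sbin/mount, /sbin/umount
root ALL=(ALL) ALL
alice ALL = NOPASSWD: /usr/bin/send_apache_log.pl, /usr/bin/vi /etc/hosts
bob PHYSICS=MOUNT:CHEM=EDIT
carol ALL=/sbin/shutdown, /usr/games/nethack
%wheel ALL=(ALL) NOPASSWD: ALL
"""
if __name__ == "__main__": print(*audit_sudoers(SAMPLE), sep="\n")
```

Where an editor really is needed, sudo's own sudoedit and the NOEXEC tag are the usual ways to grant it without handing out a root shell.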