visudo

linux

What is the purpose of the sudo facility?

The sudo facility allows specified users to run specific command as root without having to know the root password.

What is the purpose of the sudoer?

sudoers allows root to give other users on the system ability to gain root access.

What caution should we take when giving users ability to run some commands as root?

  1. We should not give the users access to facilities that provide shell escape capability. This include games and editors.

Sample configuration file

# /etc/sudoers file
# This file MUST be edited with the 'visudo' command as root.

# Host alias specification
User_Alias PROG = khai, frank, bob

# Cmnd alias specification
Defaults timestamp_timeout=3600
Defaults logfile = /var/log/sudolog

# User privileges specification
root ALL=(ALL) ALL
nagios ALL = NOPASSWD: /code/bin/maintenance.pl

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now

PROG ALL=(ALL) ALL
khai ALL = NOPASSWD: /usr/bin/send_apache_log.pl, /usr/bin/send_mysql_log.pl
robert ALL = NOPASSWD: /bin/chmod
# Host specification:
Host_Alias    PHYSICS=hamlet, ophelia, laertes
Host_Alias    CHEM=duncan, puck, brutus

# Command alias specification
Cmnd_Alias    MOUNT=/sbin/mount, /sbin/umount
Cmnd_Alias    SHUTDOWN=/sbin/shutdown

# User specification
root    ALL=ALL
chavez    PHYSICS=MOUNT:CHEM=ALL
harvey    ALL=SHUTDOWN:achilles=/sbin/swapon
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License