Thursday, December 17, 2009

sudo and sudoers


apt-get install sudo


Do not edit directly the file
To edit it, use the command


# visudo


You will see a file more or less like this.
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
As you can see there is basically one line
root ALL=(ALL) ALL
This lines means that the user root can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) command.
So the first part is the user, the second is the terminal from where the user can use sudo, the third is as which user he may act, and the last one, is which commands he may run.
Let's see some other examples.
operator ALL= /sbin/poweroff


This makes that users operator can from any terminal, run the command poweroff.
You can also create aliases for: users -> User_Alias, run comands as other users -> Runas_Alias, host -> Host_Alias and command-> Cmnd_Alias
These are some examples:


User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm


As you can see the alias OPERATORS includes the users joe, mike and jude, the alias OP includes the users root and operator, alias OFNET includes the network 10.1.2.0 (all the C class), and the command alias PRINTING includes the commands lpc and lprm.
So a typical sudoers file may look like this.
 
User_Alias     OPERATORS = joe, mike, jude
 Runas_Alias    OP = root, operator
 Host_Alias     OFNET = 10.1.2.0/255.255.255.0
 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm

OPERATORS ALL=ALL

#The users in the OPERATORS group can run any command from any terminal.

linus ALL=(OP) ALL

# The user linus can run any command from any terminal as any user in the OP group (root or operator).

user2 OFNET=(ALL) ALL

# user user2 may run any command from any machine in the OFNET network, as any user.

user3 ALL= PRINTING

# user user3 may run lpc and lprm from any machine.

go2linux ALL=(ALL) ALL

# user go2linux may run any command from any machine acting as any user. (like Ubuntu)
You may want to read sudoers man page
Posted by Ronjon at 12/17/2009 03:40:00 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)