sudo -configuration

1] Introduction:

root is the superuser, with unrestricted access to all system resources and files on a Linux system. The uid and gid of the root user are 0 (zero). Often, though, the system administrator wants to give restricted access to particular users or groups of users. In such cases sudo is the best technique.

The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands that they would normally not be able to run because of file permission restrictions. The commands can be run as user “root” or as any other user defined in the /etc/sudoers configuration file.

All commands run through sudo are logged in the log file /var/log/messages.

2] Sudo configuration file /etc/sudoers

The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work. There are a number of guidelines that need to be followed when editing it with visudo.

The format of an entry in the sudoers file is as below:

user_names/group_name servername = (usernames command can be run as) command

3] How to open the sudo file /etc/sudoers

Always use the visudo command to open the /etc/sudoers file.

root@indiangnu.org:~# visudo

4] How to permit a few users to start/restart/stop the Apache server

* Open the sudoers file using the above command.

# access to Apache2 and MySQL to webgroup group without password

%webgroup ALL= NOPASSWD: /etc/init.d/apache2

%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart

web ALL= NOPASSWD: /etc/init.d/apache2

* In the above example, the users in group webgroup can only restart MySQL; they can’t stop or start the MySQL service.

# access to Apache2 with password to user webuser

webuser ALL= /etc/init.d/apache2

# Members of the myroot group may gain root privileges

%myroot ALL=(ALL) ALL
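
The rules above differ in two ways that matter when reviewing a sudoers file: whether a password is required, and whether the command's arguments are pinned (as with `mysql restart`) or left open (as with `apache2`, where sudo accepts any arguments). The script below is an added example, not part of the original post, that classifies each rule on both points; the function names and the embedded sample are constructed for illustration, and it assumes one simple rule per line.

```bash
#!/bin/bash
# Added example (not from the original post): classify simple sudoers rules.
# Assumes one "who host = [(runas)] [NOPASSWD:] command" rule per line;
# aliases, comma-separated lists and line continuations are not handled.

# Constructed sample: the rules from section 4 above.
sample_sudoers() {
cat <<'EOF'
# access to Apache2 and MySQL to webgroup group without password
%webgroup ALL= NOPASSWD: /etc/init.d/apache2
%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart
web ALL= NOPASSWD: /etc/init.d/apache2
webuser ALL= /etc/init.d/apache2
%myroot ALL=(ALL) ALL
EOF
}

# Print "who|auth|scope|command" for each rule read from stdin or from files.
#   auth : nopasswd | password
#   scope: all-commands - the rule grants ALL
#          fixed-args   - arguments are listed, so only that invocation matches
#          any-args     - no arguments listed, so sudo accepts any arguments
classify_rules() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z_]+_Alias)/ { next }    # settings and aliases
    {
      who = $1
      spec = $0
      sub(/^[^=]*=[ \t]*/, "", spec)                 # drop "who host ="
      sub(/^\([^)]*\)[ \t]*/, "", spec)              # drop "(runas)"
      auth = "password"
      if (sub(/^NOPASSWD:[ \t]*/, "", spec)) auth = "nopasswd"
      sub(/[ \t]+$/, "", spec)                       # drop trailing blanks
      n = split(spec, part, /[ \t]+/)
      if (spec == "ALL")  scope = "all-commands"
      else if (n > 1)     scope = "fixed-args"
      else                scope = "any-args"
      print who "|" auth "|" scope "|" spec
    }' "$@"
}

# Run against the sample; as root, use: classify_rules /etc/sudoers
sample_sudoers | classify_rules
```

Rules reported as `nopasswd` with `any-args` or `all-commands` are the ones to review first, since they grant the widest access with no password prompt.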

5] How to use sudo

web@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
* Forcing reload of apache 2.0 web server… [ ok ]
web@indiangnu.org:~$

** In the example below, webuser needs to enter his password to verify that ‘webuser’ is an authentic user.

webuser@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
Password:
* Forcing reload of apache 2.0 web server… [ ok ]
webuser@indiangnu.org:~$

6 Replies to “sudo -configuration”

  1. can we have a script to determine the name of the users who have sudo access to root.??

  2. Hi!! Santosh,

    I am sorry for late response…

    you can use below script to find out which user and group has sudo root privileges…

    ———————–

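    #!/bin/bash
    # Run as root: /etc/sudoers is not readable by ordinary users.

    User=""
    Group=""
    # Number of non-comment lines that mention ALL
    count=$(cat /etc/sudoers | grep "ALL" | grep -v '^#' | wc -l)
    for i in $(seq 1 "$count")
    do
    # Take the i-th such line and turn "=", "(" and ")" into spaces
    line=$(cat /etc/sudoers | grep "ALL" | grep -v '^#' | head -n "$i" | tail -n 1 | tr '=()' '   ')
    # Count whole-word ALL keywords (the earlier sed 's/[^ALL]/ /g' also kept any stray A or L)
    cnt=$(echo "$line" | grep -ow 'ALL' | wc -l)
    # Three ALLs: host, run-as user and command are all unrestricted
    if [ "$cnt" -eq 3 ]; then
    myuser=$(echo "$line" | awk -F' ' '{print $1}')
    # Entries starting with % are groups
    mygroup=$(echo "$myuser" | grep '^%')
    if [ -z "$mygroup" ]; then
    User="$User $myuser"
    else
    Group="$Group $(echo "$mygroup" | tr '%' ' ')"
    fi
    fi
    done
    echo "Users with sudo 'root' privileges are => $User"
    echo "Groups with sudo 'root' privileges are => $Group"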

    ———–

  3. hi Arun,
    there are many errors when I execute this
    script can you please send me the attachment on my email & also send it to santosh.
    Thanks
    Ravi

  4. getting the errors.
    root@test tmp]# sh test.sh
    test.sh: line 20: unexpected EOF while looking for matching `”‘
    test.sh: line 21: syntax error: unexpected end of file
