sudo -configuration
1] Introduction:
root is the superuser, with unrestricted access to all system resources and files on a Linux system. The uid and gid of the root user are 0 (zero). But many times the system/Linux admin wants to give restricted access to some users or groups of users. In such cases sudo is the best technique to do this.
The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands that they would normally not be able to run due to file permission restrictions. The commands can be run as user “root” or as any other user defined in the /etc/sudoers configuration file.
All commands run as sudo are logged in the log file /var/log/messages.
2] Sudo configuration file – /etc/sudoers
/etc/sudoers file contains all the configuration and permission parameters needed for sudo to work. There are a number of guidelines that need to be followed when editing it with visudo.
The format of an entry in the sudo file is as below:
user_names/group_name servername = (usernames command can be run as) command
3] How to open the sudo file /etc/sudoers
Always use the visudo command to open the /etc/sudoers file
root@indiangnu.org:~# visudo
4] How to permit a few users to start/restart/stop the Apache server.
* Open the sudoers file by using the above command
# access to Apache2 and MySQL to webgroup group with out password
%webgroup ALL= NOPASSWD: /etc/init.d/apache2
%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart
web ALL= NOPASSWD: /etc/init.d/apache2
* In the above example the users in group webgroup can only restart MySQL; they can’t stop or start the MySQL service.
# access to Apache2 with password to user webuser
webuser ALL= /etc/init.d/apache2
# Members of the myroot group may gain root privileges
%myroot ALL=(ALL) ALL
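An added example, not part of the original post: a small audit function that classifies the rules above by whether they skip the password prompt and whether the command's arguments are pinned. In sudoers a command listed without arguments may be run with any arguments, while one listed with arguments (as in the MySQL line) must be run with exactly those. The function names and the output format are assumptions of this example.

```bash
#!/bin/bash
# Added example: classify simple one-line sudoers rules of the form
#   who host = [(runas)] [NOPASSWD:] command [args]
# Aliases, Defaults, comma-separated lists and line continuations are not handled.

# Reads sudoers text on stdin, prints "who|auth|scope|command" per rule.
#   auth : nopasswd | password
#   scope: all-commands | any-args (no arguments listed, so any are accepted)
#          | pinned-args (arguments listed, so they must match)
audit_sudoers_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        rhs = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", rhs)              # drop the (runas) part
        auth = sub(/^[ \t]*NOPASSWD:/, "", rhs) ? "nopasswd" : "password"
        gsub(/^[ \t]+|[ \t]+$/, "", rhs)              # trim whitespace
        n = split(rhs, part, /[ \t]+/)
        if (rhs == "ALL")  scope = "all-commands"
        else if (n == 1)   scope = "any-args"
        else               scope = "pinned-args"
        print who "|" auth "|" scope "|" rhs
    }'
}

# Constructed sample input: the rules from section 4 of this page.
sample_rules() {
    cat <<'EOF'
# access to Apache2 and MySQL to webgroup group with out password
%webgroup ALL= NOPASSWD: /etc/init.d/apache2
%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart
web ALL= NOPASSWD: /etc/init.d/apache2
webuser ALL= /etc/init.d/apache2
%myroot ALL=(ALL) ALL
EOF
}

sample_rules | audit_sudoers_rules
```

To check a real file, run `audit_sudoers_rules < /etc/sudoers` as root and review every nopasswd and any-args line.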
5] How to use sudo
web@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
* Forcing reload of apache 2.0 web server… [ ok ]
web@indiangnu.org:~$
** In the example below, webuser needs to enter his password to verify that ‘webuser’ is an authentic user.
webuser@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
Password:
* Forcing reload of apache 2.0 web server… [ ok ]
webuser@indiangnu.org:~$
6 Replies to “sudo -configuration”
can we have a script to determine the name of the users who have sudo access to root.??
Hi!! Santosh,
I am sorry for late response…
you can use below script to find out which user and group has sudo root privileges…
———————–
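#!/bin/bash
# Lists users and groups whose /etc/sudoers entry has the form "name ALL=(ALL) ALL".
# Needs read access to /etc/sudoers, so run it as root.
# Number of non-comment lines that mention ALL
count=$(cat /etc/sudoers | grep "ALL" | grep -v "^#" | wc -l)
for i in $(seq 1 $count)
do
# Take the i-th such line and turn "=", "(" and ")" into spaces
line=$(cat /etc/sudoers | grep "ALL" | grep -v "^#" | head -n $i | tail -n 1 | tr "=()" " ")
# Count whole-word ALL tokens (the original character class [^ALL] also counted
# the letters A and L inside user names)
cnt=$(echo $line | grep -ow "ALL" | wc -l)
# Three ALL tokens: host, run-as user and command are all ALL
if [ $cnt -eq 3 ]; then
myuser=$(echo $line | awk -F' ' '{print $1}')
# Group entries start with %
mygroup=$(echo $myuser | grep "^%")
if [ -z "$mygroup" ]; then
User="$User $myuser"
else
Group="$Group $(echo $mygroup | tr "%" " ")"
fi
fi
done
echo "Users with sudo 'root' privileges are => $User"
echo "Groups with sudo 'root' privileges are => $Group"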
———–
great arun nice script to find sudo users
thanks
hi Arun,
there are many errors when I execute this
script can you please send me the attachment on my email & also send it to santosh.
Thanks
Ravi
getting the errors.
root@test tmp]# sh test.sh
test.sh: line 20: unexpected EOF while looking for matching `”‘
test.sh: line 21: syntax error: unexpected end of file
Hi!! All,
please check your mail. Actually there is no error in the script. The problem is char support in wp-blog