Saturday, December 5, 2015

what is meant by sudo in linux ?

what is mean by sudo?

sudo  is a program for linux-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.

Who can execute ‘sudo’?

We can run ‘visudo‘ to add/remove the list of users who can execute ‘sudo‘

The sudo list looks like the below string, by default:

root ALL=(ALL) ALL

Granting sudo Access

In many situation, System Administrator, specially new to the field finds the string “root ALL=(ALL) ALL” as a template and grants unrestricted access to others which may be potentially very harmful.

Editing ‘visudo’ file to something like the below pattern may really be very dangerous, unless you believe all the listed users completely.

root ALL=(ALL) ALL
adam ALL=(ALL) ALL
mark ALL=(ALL) ALL

Parameters of sudo

A properly configured ‘sudo‘ is very flexible and number of commands that needs to be run may be precisely configured.

The Syntax of configured ‘sudo‘ line is:

root       ALL        = (ALL)            ALL

Username  Machine name=(Effective user) command

The above Syntax can be divided into four parts:

    User_name: This is the name of ‘sudo‘ user.

    Machine_name: This is the host name, in which ‘sudo‘ command is valid. Useful when you have lots of host machines.

    (Effective_user): The ‘Effective user’ that are allowed to execute the commands. This column lets you allows users to execute System Commands.

    Command: command or a set of commands which user may run.

You have a user ‘tom‘ which is supposed to execute system command as user other than root.


How to add some services to a particular user?

tom ALL=(ALL)  /usr/sbin/fdisk,/usr/sbin/useraddd,/usr/bin/passwd

How about executing a ‘sudo‘ command without entering password?

We can execute a ‘sudo‘ command without entering password by using ‘NOPASSWD‘ flag.


adm ALL=(ALL) NOPASSWD: /usr/sbin/fdisk,/usr/sbin/useradd,/usr/bin/passwd

No comments:

Post a Comment