Saturday, December 5, 2015

What is meant by sudo in Linux?

What is meant by sudo?


sudo is a program for Linux-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.

Who can execute ‘sudo’?

We can run ‘visudo’ to edit the sudoers file, adding or removing the users who can execute ‘sudo’.


By default, the sudo list contains the following entry:

root ALL=(ALL) ALL


Granting sudo Access

In many situations, a system administrator, especially one new to the field, finds the string “root ALL=(ALL) ALL”, treats it as a template, and grants the same unrestricted access to others, which is potentially very harmful.

Using ‘visudo’ to change the file to something like the pattern below is very dangerous unless you trust all the listed users completely.

root ALL=(ALL) ALL
adam ALL=(ALL) ALL
tom ALL=(ALL) ALL
mark ALL=(ALL) ALL



Parameters of sudo

A properly configured ‘sudo’ is very flexible, and the set of commands each user may run can be configured precisely.

The syntax of a configured ‘sudo’ line is:

root       ALL        = (ALL)            ALL

Username  Machine name=(Effective user) command

The above syntax can be divided into four parts:

    User_name: This is the name of the ‘sudo’ user.

    Machine_name: This is the host name on which the ‘sudo’ command is valid. Useful when you have lots of host machines.

    (Effective_user): The ‘Effective user’ that the commands are allowed to be executed as. This column lets you allow users to execute system commands as another user.

    Command: The command or set of commands which the user may run.


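Suppose you have a user ‘tom’ who is supposed to execute system commands as a user other than root. The entry below allows this, but note that (ALL) lets tom run commands as any user, root included.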


tom ALL=(ALL) ALL


How to allow a particular user to run only specific commands?

tom ALL=(ALL)  /usr/sbin/fdisk,/usr/sbin/useradd,/usr/bin/passwd


How about executing a ‘sudo’ command without entering a password?

We can execute a ‘sudo’ command without entering a password by using the ‘NOPASSWD’ flag.

adm ALL=(ALL) NOPASSWD: ALL

adm ALL=(ALL) NOPASSWD: /usr/sbin/fdisk,/usr/sbin/useradd,/usr/bin/passwd
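
An added example, not part of the original post: a small Python check that splits sudoers-style lines into the four parts described above and flags the two risky patterns this post discusses, unrestricted ALL commands and NOPASSWD. It assumes only the simple one-line form shown here (no aliases, groups or includes), and the function names are hypothetical.

```python
import re

# Matches only the simple four-part form used in this post (an assumption):
#   user host=(effective user) [NOPASSWD:] command[,command...]
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+?)\s*=\s*"
    r"\((?P<runas>[^)]*)\)\s*"
    r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmds>.+)$"
)

def parse_rule(line):
    """Split one sudoers-style line into its parts, or return None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = RULE.match(line)
    if not m:
        return None
    return {
        "user": m.group("user"),
        "host": m.group("host"),
        "runas": m.group("runas").strip(),
        "nopasswd": m.group("nopasswd") is not None,
        "commands": [c.strip() for c in m.group("cmds").split(",")],
    }

def audit(text):
    """Return (user, finding) pairs for grants that deserve review."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        # root is already the superuser, so its default entry is skipped.
        if rule is None or rule["user"] == "root":
            continue
        if "ALL" in rule["commands"]:
            findings.append((rule["user"], "unrestricted commands"))
        if rule["nopasswd"]:
            findings.append((rule["user"], "no password required"))
    return findings

# Constructed sample input, built from the entries shown in this post.
SAMPLE = """\
root ALL=(ALL) ALL
adam ALL=(ALL) ALL
tom ALL=(ALL)  /usr/sbin/fdisk,/usr/sbin/useradd,/usr/bin/passwd
adm ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```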


