Tuesday 25 June 2013

How to configure a sudo user in linux

If a server needs to be administered by a number of people it is normally not a good idea for them all to use the root account.
This is because it becomes difficult to determine exactly who did what, when and where if everyone logs in with the same credentials. The sudo utility was designed to overcome this difficulty.

The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to due to file permission restrictions. The commands can be run as user "root" or as any other user defined in the /etc/sudoers configuration file.

When running the command with the sudo prefix, you will be prompted for your regular password before it is executed.
You may run other privileged commands using sudo within a five-minute period without being re-prompted for a password.
All commands run as sudo are logged in the 

 log file /var/log/messages.

say a user try to read the file /etc/sudoers, then normally it shows /etc/sudoers: Permission denied. Due to permission issue as normal users are not permitted to read this file. If we try the same faile with # sudo

# sudo more /etc/sudoers -- it will ask for your password
"ctechz not in the sudoers file. This incident will be reported".


This error will show because we didn't add the user 'ctechz' to sudo users list, so add the user into it.



the above is a normal user, switch as root user and try

# visudo

 General sudoers File Record Format
usernames/group servername = (usernames command can be run as) command
There are some general guidelines when editing this file:-

* Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group "users" would be represented by %users.


* You can have multiple usernames per line separated by commas.


* Multiple commands also can be separated by commas. Spaces are considered part of the command.


* The keyword ALL can mean all usernames, groups, commands and servers.


* If you run out of space on a line, you can end it with a back slash (\) and continue on the next line.


* The NOPASSWD keyword provides access without prompting for your password.

## Allow root to run any commands anywhere
root    ALL=(ALL) ALL 

ctechz  ALL=(ALL) ALL  -------> this user can run all commands
              run by root using sudo.

 Sudo shell

If you have sufficient rights configured in sudoers you can also open a root shell by using


# sudo -s
or
# sudo -i

 
If the user dont have any right to perform it shows that user is not in the sudoers file.

No comments:

Post a Comment