Configuring sudo

by adamf
Creating a sudoers file....

sudo allows users to execute commands that they would not normally have access to. Examples of use would be:
Operations given some super user commands
Locked down accounts with limited use (No 'useful' $PATH variable defined)

When a user runs a command under sudo, the syntax is sudo /path/to/command1

The system then checks the sudoers file and, if appropriate, prompts the user for his/her login password. Once this has been verified, the command will run as per its permissions.

sudo is configured using the /usr/local/etc/visudo command, which edits the file /etc/sudoers

NB. THIS FILE SHOULD ONLY BE EDITED WITH VISUDO. All white spaces are TABS.

The sudoers file (an example of which is below) contains the following entries:

Host_Alias - Name of the node the sudoers file relates to (UNIX1 in this case). The alias name MYHOST could be anything.

User_Alias - A user, or list of users who will be given access to a group of commands. 3 User_Alias entries are below. The list is comma delimited.

Cmnd_Alias - A list of commands grouped together - eg Cmnd_Alias SOMECMDS contains the commands cmd1, cmd2 and cmd3 with fully qualified paths. Again, comma delimited. The \ just acts as a line break to keep things neat.

The User Privilege Specification tells sudo who can do what:

Each User_Alias can run the commands specified in the Cmnd_Alias on the node specified in the Host_Alias. In this example:

The WEBADMIN User_Alias (users webadmin1 and webadmin2) can execute cmd1 and cmd2 (commands specified in Cmnd_Alias SOMECMDS) on the node or system UNIX1, as specified in the Host_Alias definition.

The final line allows rod, jane and freddy to run the commands special1 and special2; the commands will run as user bungle, and sudo will not ask for a password.

# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias MYHOST=UNIX1
# User alias specification
User_Alias WEBADMIN=webadmin1,webadmin2
User_Alias NETADMIN=netadmin1,netadmin2,fred
User_Alias ORGANGRINDER=rod,jane,freddy
# Cmnd alias specification
Cmnd_Alias SOMECMDS=/path/to/cmd1, /path/to/cmd2, /path/to/cmd3
Cmnd_Alias SOMEMORECMDS= /path/to/command4, /path/to/cmd5, /path/to/cmd6, /path/to/cmd7
Cmnd_Alias SPECIALSTUFF= /path/to/special1, /path/to/special2
# User privilege specification
WEBADMIN MYHOST=SOMECMDS
NETADMIN MYHOST=SOMECMDS,SOMEMORECMDS
ORGANGRINDER MYHOST=(bungle) NOPASSWD: SPECIALSTUFF
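
As an added example (not part of the original FAQ), the Python sketch below expands the aliases in a sudoers file to show who can run what as whom, and flags commands that are not fully qualified paths and rules that use NOPASSWD. It handles only the subset of sudoers syntax used above; the sample text (which deliberately contains one relative path), the function names and the finding messages are constructed for illustration.

```python
import re

# Constructed sample modelled on the file above; cmd3 is deliberately relative.
SAMPLE = """\
Host_Alias MYHOST=UNIX1
User_Alias WEBADMIN=webadmin1,webadmin2
User_Alias ORGANGRINDER=rod,jane,freddy
Cmnd_Alias SOMECMDS=/path/to/cmd1, /path/to/cmd2, path/to/cmd3
Cmnd_Alias SPECIALSTUFF= /path/to/special1, \\
	/path/to/special2
WEBADMIN MYHOST=SOMECMDS
ORGANGRINDER MYHOST=(bungle) NOPASSWD: SPECIALSTUFF
"""

ALIAS = re.compile(r"^(Host|User|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(NOPASSWD:\s*)?(.+)$")

def split(items):
    return [i.strip() for i in items.split(",") if i.strip()]

def audit(text):
    """Return (rules, findings) for the subset of sudoers syntax used in the FAQ."""
    text = re.sub(r"\\\n\s*", "", text)   # join "\" line continuations
    aliases = {"Host": {}, "User": {}, "Cmnd": {}}
    rules, findings = [], []
    # Replace each alias name with its members; plain names pass through unchanged.
    expand = lambda kind, names: [v for n in split(names)
                                  for v in aliases[kind].get(n, [n])]
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # assumption: '#' only starts comments
        if not line:
            continue
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)][m.group(2)] = split(m.group(3))
            continue
        m = SPEC.match(line)
        if not m:
            findings.append(f"unparsed line: {line}")
            continue
        who, host, runas, nopw, cmds = m.groups()
        rule = {"users": expand("User", who), "hosts": expand("Host", host),
                "runas": runas or "root", "nopasswd": bool(nopw),
                "cmds": expand("Cmnd", cmds)}
        rules.append(rule)
        for c in rule["cmds"]:
            if c != "ALL" and not c.startswith("/"):
                findings.append(f"{who}: command '{c}' is not a fully qualified path")
        if rule["nopasswd"]:
            findings.append(f"{who}: NOPASSWD as {rule['runas']} for {len(rule['cmds'])} command(s)")
    return rules, findings
```

This review aid does not replace sudo's own syntax check, which visudo performs on save and on demand with visudo -c.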