Sudoers Configuration

How can users get root (administrative) privileges in Linux without knowing the root password? One of the best answers to this question is sudo. Users log in with their own username and password and run administrative commands by placing sudo in front of them, e.g. `sudo rm /home/arun`. Sudo (su “do”) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments.

Sudo stands for either “substitute user do” or “super user do”. Sudo allows a user to run a program as another user (most often the root user).

The sudoers file determines a user’s sudo privileges.

sudoers config file: /etc/sudoers

Edit it with visudo (which locks the file and checks the syntax before saving) or with vim /etc/sudoers

# The root user can run any command with full privilege
root        ALL = (ALL) ALL

# Members of the wheel group can run any command with full privilege
%wheel        ALL = (ALL) ALL

In the above example:

* root : Name of the user allowed to use sudo.
* ALL : Allow sudo access from any host (any machine).
* (ALL) : Allow the sudo command to be executed as any user.
* ALL : Allow all commands to be executed.

We can group multiple users into one category, such as admin and partadmin:

User_Alias ADMIN = arvi, biswa, visuntha
User_Alias PARTADMIN = guru, kokki

# Admins can run anything on any machine without a password
ADMIN    ALL = NOPASSWD: ALL

# Partadmins may run anything but need a password
PARTADMIN    ALL = ALL

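# Full privilege with particular commands denied
# (the sudoers manual notes that subtracting commands from ALL with '!' is generally not effective)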
ADMIN      ALL=(ALL)       ALL
ADMIN      ALL=(ALL)       !/bin/su, !/usr/bin/passwd

# Deny everything except the listed commands
PARTADMIN      ALL=(ALL)       /bin/su, /usr/bin/passwd

# visuntha may change passwords for anyone except root
# ([A-Za-z] is used because [A-z] also matches the punctuation between 'Z' and 'a')
visuntha        ALL = /usr/bin/passwd  [A-Za-z]*, !/usr/bin/passwd  root
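
An added example, not part of the original post: a small Python audit of the rule styles shown above. It flags NOPASSWD on ALL, '!' exclusions applied to a user who already has ALL, and wildcards in command arguments. The function name `audit`, the regex and the sample file (this page's rules combined into one constructed file) are assumptions, and the parser covers only the simple rule forms used here, not the full sudoers grammar.

```python
import re

# Constructed sample: rules from this page combined into one sudoers-style file.
SAMPLE = """\
User_Alias ADMIN = arvi, biswa, visuntha
User_Alias PARTADMIN = guru, kokki
root        ALL = (ALL) ALL
%wheel      ALL = (ALL) ALL
ADMIN       ALL = NOPASSWD: ALL
ADMIN       ALL=(ALL)  !/bin/su, !/usr/bin/passwd
PARTADMIN   ALL=(ALL)  /bin/su, /usr/bin/passwd
visuntha    ALL = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
"""

# who  host = [(runas)] [TAG:] command list
SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(?:(\w+):\s*)?(.+)$")

def audit(text):
    """Return (user, finding) pairs for rules that deserve a second look."""
    aliases, has_all, findings = {}, set(), []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("User_Alias"):
            name, members = line[len("User_Alias"):].split("=", 1)
            aliases[name.strip()] = [m.strip() for m in members.split(",")]
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, _host, _runas, tag, cmds = m.groups()
        cmds = [c.strip() for c in cmds.split(",")]
        for user in aliases.get(who, [who]):   # expand User_Alias to its members
            if "ALL" in cmds:
                has_all.add(user)
                if tag == "NOPASSWD":
                    findings.append((user, "NOPASSWD on ALL"))
            for cmd in cmds:
                if cmd.startswith("!") and user in has_all:
                    findings.append((user, "'!' exclusion from ALL: " + cmd))
                if any(ch in cmd.partition(" ")[2] for ch in "*?["):
                    findings.append((user, "wildcard in arguments: " + cmd))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user:10} {finding}")
```

Because aliases are expanded to their members, the audit also shows that visuntha's per-user passwd rule sits on top of the ALL grant inherited from ADMIN.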

 

 

============================> Blass <=============================