
4.1 Understanding Sudo

The sudo command allows users to run commands as another user, typically the root user. It is configured using the /etc/sudoers file, which specifies which users can run which commands. The sudoers file uses aliases to group users, hosts, and commands. It defines entries with the format "user host=(as_user) command" to grant sudo privileges. The visudo command must be used to safely edit sudoers.

Uploaded by gidum2007

Shikhar Verma

The sudo command allows one user to execute a command as another user. It is commonly used to allow basic users to execute commands usually reserved for the root user (a user typically used by administrators), such as the kill, mount and adduser commands.

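The visudo command is a safe and secure way of editing the /etc/sudoers file on UNIX and Linux systems. This matters because the sudoers file determines which users can run administrative tasks: visudo locks the file against simultaneous edits and checks the syntax before the changes are saved.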

sudo is easy to configure and uses a straightforward syntax. You use the command visudo to edit the file /etc/sudoers.

1 sudoers file: Definition

The sudoers file (/etc/sudoers by default) is the "list of who can run what". The file is built from 2 kinds of data:

Aliases: Aliases are variables that store multiple entries that fit the same domain (users, hosts, commands).

There are 4 kinds of aliases:

* User_Alias ==> for listing users
* Runas_Alias ==> for listing users a given user can run as
* Host_Alias ==> for listing hosts
* Cmnd_Alias ==> for listing commands

Alias:

    # User alias specification
    User_Alias FULLTIMERS = millert, mikef, dowdy
    User_Alias PARTTIMERS = bostley, jwfox, crawl
    User_Alias WEBMASTERS = will, wendy, wim

    # Runas alias specification
    Runas_Alias OP = root, operator
    Runas_Alias DB = oracle, sybase

Alias:

    # Host alias specification
    Host_Alias CUNETS = 128.138.0.0/255.255.0.0
    Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0

    # Cmnd alias specification (a trailing backslash continues the line)
    Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, \
                       /usr/sbin/restore, /usr/sbin/rrestore, /usr/bin/mt
    Cmnd_Alias KILL = /usr/bin/kill

User specifications: This is where all the information is compiled into an effective one-liner.

sudo: Usage

The sudo command itself is quite simple. Its basic syntax is:

    sudo 'command'

Check whether or not you are in the sudoers file, and which commands are forbidden or allowed for you, or for another user with the "-U" option:

    sudo -l
    sudo -ll            (long list format)
    sudo -l -U user

visudo: The tool

When working on the sudoers file, you should use one tool: visudo.

sudoers: Basics

This is the important part you need to understand in order to get basic control of the sudoers process on a Linux box.

When you first open the sudoers file, the only line that is not commented out is:

    root ALL=(ALL) ALL

which follows the pattern:

    user hosts=(users:groups) commands

Let's use this to explain the basics of the sudoers syntax. We can see that there are 4 fields:

1. root: the user(s) to whom the following items apply
2. ALL: the place(s), that is the host(s), where the sudo command can be launched
3. (ALL): the user(s) you may act as
4. ALL: the command(s) that may be run using the sudo command

This can be read literally as: the user root (1) can execute ALL commands (4) as ALL users (3) from ALL places (2).

The basic syntax of the sudoers file could be described as:

    USER PLACES=(AS_USER) [NOPASSWD:] COMMAND
    user hosts=(users:groups) commands

* USER can be any: existing user(s), user ID, User_Alias
* PLACES can be any combination of: hostname, domain name, IP addresses, wildcards
* (AS_USER) can be any: existing user(s), user ID, Runas_Alias
* COMMAND can be any: existing command(s), command aliases (Cmnd_Alias)
* [NOPASSWD:] is used to specify that the following commands can be run WITHOUT being prompted for a password! (quite dangerous: use at your own risk)

2.3 Basic examples

Here are some basic examples that may help you understand the basics of the sudoers file.

Allow the user pier to run ALL commands from anywhere as root:

    pier ALL=(ALL) ALL

Same as above but without any password prompt (!):

    pier ALL=(ALL) NOPASSWD: ALL

Allow the user paul to run the yum, mount and ifconfig commands from anywhere as root:

    paul ALL=(ALL) /usr/bin/yum, /sbin/mount, /sbin/ifconfig

You may also specify some commands to be run with a password and some "password-free" on one line. In the example below we allow paul to run only the parted command without any password prompt:

    paul ALL=(ALL) /usr/bin/yum, /sbin/mount, /sbin/ifconfig, NOPASSWD: /sbin/parted

Aliases

Aliases: Aliases are variables that store multiple entries that fit the same domain (users, hosts, commands).

There are 4 kinds of aliases:

* User_Alias ==> for listing users
* Runas_Alias ==> for listing users a given user can run as
* Host_Alias ==> for listing hosts
* Cmnd_Alias ==> for listing commands

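    User_Alias MANAGERS = steve, bill, james

    # sudoers requires full command paths; the paths below are typical
    # locations and may differ on your system
    Cmnd_Alias READ = /usr/bin/mytop, /bin/cat, /usr/bin/tail

    daniel ALL=(ALL) READ

    MANAGERS ALL=(ALL) READ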
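To see how the user specifications, the NOPASSWD: tag and the aliases above combine, the following Python sketch (an added example, not part of the original slides) parses a simplified subset of the sudoers syntax and lists which user/command pairs run without a password prompt. The function names are hypothetical, the sample is constructed from the entries on the slides with assumed command paths, and negation, Defaults lines and escaped commas are not handled.

```python
import re

# Constructed sample built from the entries on the slides; command paths are assumed.
SAMPLE = """\
User_Alias MANAGERS = steve, bill, james
Cmnd_Alias READ = /usr/bin/mytop, /bin/cat, /usr/bin/tail
root ALL=(ALL) ALL
pier ALL=(ALL) NOPASSWD: ALL
paul ALL=(ALL) /usr/bin/yum, /sbin/mount, /sbin/ifconfig, \\
    NOPASSWD: /sbin/parted
MANAGERS ALL=(ALL) READ
"""

ALIAS = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD):\s*")

def parse(text):
    """Expand user specifications into (user, host, runas, command, nopasswd) tuples."""
    aliases, rules = {}, []
    # Join backslash continuations, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = ALIAS.match(line)
        if m:
            aliases[(m.group(1), m.group(2))] = [v.strip() for v in m.group(3).split(",")]
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, host, runas, cmds = m.groups()
        nopasswd = False  # sudo's default: a password is required unless a tag says otherwise
        for cmd in (c.strip() for c in cmds.split(",")):
            tag = TAG.match(cmd)
            if tag:  # a tag applies to its command and every command after it
                nopasswd = tag.group(1) == "NOPASSWD"
                cmd = cmd[tag.end():]
            for user in aliases.get(("User", who), [who]):
                for c in aliases.get(("Cmnd", cmd), [cmd]):
                    rules.append((user, host, runas or "root", c, nopasswd))
    return rules

def passwordless(rules):
    """Return the (user, command) pairs that sudo would run without a password prompt."""
    return sorted({(u, c) for u, _h, _r, c, nopw in rules if nopw})

if __name__ == "__main__":
    for user, cmd in passwordless(parse(SAMPLE)):
        print(f"{user}: {cmd} (NOPASSWD)")
```

Because a tag carries forward to every later command on the line, moving NOPASSWD: to the front of paul's entry would make yum, mount and ifconfig password-free as well, which is why its position at the end of that line matters.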

END of this Course Module.

Thanks