Explain the sudo user?
Sudoers allows particular users to run various root user commands without needing the root password.
The configuration file is /etc/sudoers.
Configuring this file for a normal user means giving that user special permissions.
Note :- Do not open /etc/sudoers directly with vi or vim, because these editors cannot check the syntax.
We recommend opening this file with the visudo command instead.
Open a terminal and use this command :- visudo
Note :- This command can be executed only by root. Once the file is open, nobody can open it in another terminal, because a message is shown: "This file is busy".
Real example
You are the admin in your organization and another user needs to perform root operations, but you can't share the root password. What can you do?
The answer is the sudo option: without sharing the root password, you give the user special permission to perform particular tasks.
Example : create user tom
root@server:~# useradd tom        (add the user)
root@server:~# passwd tom         (set the password)
root@server:~# su tom
tom@server:~# fdisk -l
Note :- A normal user is not allowed to run this command.
Now add tom to the sudoers file using this command.
root@server:~# visudo             (press Enter)
Go to the line :
root ALL=(ALL) ALL
and add below it :
tom ALL=(ALL) /sbin/fdisk
You can see the full path of a command using this command :
root@server:~# which fdisk
Output :- /sbin/fdisk
Now log in as tom and run this command.
root@server:~# su tom
tom@server:~# sudo fdisk -l
Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 8804B809-0DB4-499E-8577-0CCCD08B679F
Device Start End Sectors Size Type
/dev/sda1 2048 600000511 599998464 286.1G Linux filesystem
/dev/sda2 600000512 976771071 376770560 179.7G Linux filesystem
Now you want to give full permission.
root@server:~# visudo             (press Enter)
Go to and find the line :
root ALL=(ALL) ALL
tom ALL=(ALL) ALL
Note :- Tom is now able to run any command as the root user without the root password.
Is it possible to run commands without a password?
Yes, it is possible.
root@server:~# visudo             (press Enter)
Go to and find the line :
root ALL=(ALL) ALL
tom ALL=(ALL) NOPASSWD:ALL
How to create a user alias :
A user alias is used when you want to give permission to multiple users at the same time.
root@server:~# visudo
User_Alias OURTEAM = jack, cake, jarry
root ALL=(ALL) ALL
OURTEAM ALL=(ALL) NOPASSWD:ALL
Group-based sudo permission :-
Let's assign root privileges to javagroup. Suppose javagroup has 1000 members and I want to give permission to all of them. It is not practical to write every user name in the sudoers file, so we add the users to a group and give permission to that one group only.
Let's check it.
If you don't know how to add a user to a group, please follow this link.
Find the group wheel section.
root@server:~# visudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%javagroup ALL=(ALL) ALL
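An added example, not part of the original post: a small shell/awk audit that lists which user or group holds which kind of sudo grant (one command, ALL, or NOPASSWD:ALL), run here on a constructed sudoers sample built from the rules above. The names sample_sudoers and audit_sudoers and the level labels are assumptions of this example, and it assumes one rule per line with no line continuations.

```shell
#!/bin/sh
# Constructed sample built from the rules shown on this page.
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
User_Alias OURTEAM = jack, cake, jarry
root ALL=(ALL) ALL
tom ALL=(ALL) /sbin/fdisk
OURTEAM ALL=(ALL) NOPASSWD:ALL
%wheel ALL=(ALL) ALL
%javagroup ALL=(ALL) ALL
EOF
}

# Print "principal<TAB>level<TAB>source" for every grant read from the
# files given as arguments, or from stdin when none are given.
audit_sudoers() {
  awk '
    /^[ \t]*([#@]|$)/ || $1 ~ /^Defaults/ { next }   # comments, includes, blanks
    $1 ~ /^(Host|Cmnd|Runas)_Alias$/ { next }        # not user grants
    $1 == "User_Alias" {                             # remember alias members
      body = $0; sub(/^[ \t]*User_Alias[ \t]+/, "", body)
      name = body; sub(/[ \t]*=.*$/, "", name)
      sub(/^[^=]*=/, "", body); gsub(/[ \t]/, "", body)
      members[name] = body; next
    }
    {
      spec = $0; sub(/^[^=]*=[ \t]*/, "", spec)      # keep text after "host ="
      sub(/^\([^)]*\)[ \t]*/, "", spec)              # drop the (runas) part
      nopass = (spec ~ /NOPASSWD[ \t]*:/)
      gsub(/[A-Z_]+[ \t]*:[ \t]*/, "", spec)         # drop tags such as NOPASSWD:
      sub(/[ \t]+$/, "", spec)
      full = 0; n = split(spec, cmd, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) if (cmd[i] == "ALL") full = 1
      who[++rules] = $1
      level[rules] = (full ? "full" : "limited") (nopass ? "-nopasswd" : "")
    }
    END {                                            # expand aliases last, so an
      for (r = 1; r <= rules; r++) {                 # alias may be defined later
        if (who[r] in members) {
          m = split(members[who[r]], u, ",")
          for (j = 1; j <= m; j++) print u[j] "\t" level[r] "\t" who[r]
        } else print who[r] "\t" level[r] "\tdirect"
      }
    }
  ' "$@"
}

sample_sudoers | audit_sudoers
```

Lines reported as full-nopasswd are the grants to review first, since those accounts can run any command as root without entering a password.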
Is sudo user command history logged?
All sudo user command history is logged in the /var/log/secure file, which keeps a record of sudo user commands.
# cat /var/log/secure
(to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the