Sudo: Difference between revisions
From wikinotes
(→Usage) |
No edit summary |
||
Line 1: | Line 1: | ||
sudo allows you to assign/limit super-user privileges to users/groups. | sudo allows you to assign/limit super-user privileges to users/groups. | ||
= Notes = | |||
<blockquote> | |||
{| class="wikitable" | |||
|- | |||
| [[sudo usage]] | |||
|- | |||
| [[sudo configuration]] | |||
|- | |||
| [[sudo troubleshooting]] | |||
|- | |||
|} | |||
</blockquote><!-- Notes --> | |||
= Usage = | = Usage = |
Revision as of 21:09, 2 April 2022
sudo allows you to assign/limit super-user privileges to users/groups.
Notes
sudo usage sudo configuration sudo troubleshooting
Usage
Sudoers file Basics
# visudo (/etc/sudoers) will ALL=(ALL): ALL # full sudo permissions to user %group ALL=(ALL): ALL # full sudo permissions to group members superuser ALL=(ALL) NOPASSWD:ALL # passwordless sudoRun As user
sudo /bin/someprogram # run someprogram as root sudo -u gituser /bin/someprogram # Run Program as specific user sudo -U gituser -l # list what sudo thinks user is allowed to do
Sudoers File
Basics
USER HOST=(USER:GROUP) ALLOWED_COMMANDS USER localhost = \ /bin/commandA, /bin/commandB # can be split on multiple linesUSER
username # username #1001 # uid %groupname # groupname %#1001 # gidHOST
192.168.1.1 # ip address myhostname # hostname hostA,10.10.10.10,hostC # list of eitherlogic
%wheel,!willjp # all members of wheel, but not willjpaliased lists
If you find you are reusing a list of commands quite a lot, you can create a list of aliases.
Cmnd_Alias BACKUP = \ /sbin/dump,\ /sbin/restore,\ /sbin/mt willjp ALL=BACKUP # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mt
References
https://www.youtube.com/watch?v=o0purspHg-o sudo: you're doing it wrong (talk by michael w lucas)