Sudo: Difference between revisions

From wikinotes
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
sudo allows you to assign/limit super-user privileges to users/groups.
sudo allows you to assign/limit super-user privileges to users/groups.


= Usage =
= Documentation =
<blockquote>
<blockquote>
{| class="wikitable"
|-
| <code>man sudo</code> || https://man.archlinux.org/man/core/sudo/sudo.8.en
|-
| <code>man sudoers</code> || https://man.archlinux.org/man/core/sudo/sudoers.5.en
|}
</blockquote><!-- Documentation -->


Sudoers file Basics
= Tutorials =
<source lang="bash">
# visudo (/etc/sudoers)
will ALL=(ALL): ALL    # full sudo permissions to user
%group ALL=(ALL): ALL  # full sudo permissions to group members
superuser ALL=(ALL) NOPASSWD:ALL  # passwordless sudo
 
</source>
 
Run As user
<source lang="bash">
sudo  /bin/someprogram              # run someprogram as root
sudo -u gituser  /bin/someprogram  # Run Program as specific user
sudo -U gituser -l                  # list what sudo thinks user is allowed to do
</source>
</blockquote><!-- Usage -->
 
= Sudoers File =
<blockquote>
<blockquote>
{| class="wikitable"
|-
| https://www.youtube.com/watch?v=o0purspHg-o || sudo: you're doing it wrong (talk by michael w lucas)
|-
|}
</blockquote><!-- Tutorials -->


== Basics ==
= Notes =
<source lang="ini">
USER    HOST=(USER:GROUP)  ALLOWED_COMMANDS
 
USER localhost = \
    /bin/commandA, /bin/commandB  # can be split on multiple lines
</source>
 
=== USER ===
<source lang="bash">
username    # username
#1001        # uid
 
%groupname  # groupname
%#1001      # gid
 
</source>
 
=== HOST ===
<source lang="bash">
192.168.1.1              # ip address
myhostname              # hostname
hostA,10.10.10.10,hostC  # list of either
</source>
 
== logic ==
<source lang="bash">
%wheel,!willjp          # all members of wheel, but not willjp
</source>
 
== aliased lists ==
If you find you are reusing a list of commands quite a lot, you can create a list of aliases.
 
<source lang="bash">
Cmnd_Alias  BACKUP = \
  /sbin/dump,\
  /sbin/restore,\
  /sbin/mt
 
willjp ALL=BACKUP    # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mt
</source>
</blockquote><!-- Sudoers file -->
 
= References =
<blockquote>
<blockquote>
{|
{| class="wikitable"
| https://www.youtube.com/watch?v=o0purspHg-o || sudo: you're doing it wrong (talk by michael w lucas)
|-
| [[sudo usage]]
|-
| [[sudo configuration]]
|-
| [[sudo troubleshooting]]
|-
|}
|}
</blockquote><!-- Refernces -->
</blockquote><!-- Notes -->

Latest revision as of 21:14, 2 April 2022

sudo allows you to assign/limit super-user privileges to users/groups.

Documentation

man sudo https://man.archlinux.org/man/core/sudo/sudo.8.en
man sudoers https://man.archlinux.org/man/core/sudo/sudoers.5.en

Tutorials

https://www.youtube.com/watch?v=o0purspHg-o sudo: you're doing it wrong (talk by michael w lucas)

Notes

sudo usage
sudo configuration
sudo troubleshooting
Retrieved from "http://willpittman.net:8080/index.php?title=Sudo&oldid=29530"