Sudo

From wikinotes
Revision as of 21:52, 21 April 2020 by Will (talk | contribs) (→‎Usage)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

sudo allows you to assign/limit super-user privileges to users/groups.

Usage

Sudoers file Basics 

# visudo (/etc/sudoers)
will ALL=(ALL): ALL    # full sudo permissions to user
%group ALL=(ALL): ALL  # full sudo permissions to group members
superuser ALL=(ALL) NOPASSWD:ALL  # passwordless sudo

Run As user 

sudo  /bin/someprogram              # run someprogram as root
sudo -u gituser  /bin/someprogram   # Run Program as specific user
sudo -U gituser -l                  # list what sudo thinks user is allowed to do

Sudoers File

Basics

USER    HOST=(USER:GROUP)  ALLOWED_COMMANDS

USER localhost = \
    /bin/commandA, /bin/commandB   # can be split on multiple lines

USER

username     # username
#1001        # uid

%groupname   # groupname
%#1001       # gid

HOST

192.168.1.1              # ip address
myhostname               # hostname
hostA,10.10.10.10,hostC  # list of either

logic

%wheel,!willjp           # all members of wheel, but not willjp

aliased lists

If you find you are reusing a list of commands quite a lot, you can create a list of aliases. 

Cmnd_Alias  BACKUP = \
  /sbin/dump,\
  /sbin/restore,\
  /sbin/mt

willjp ALL=BACKUP     # allow willjp acess to /sbin/dump, /sbin/restore, /sbin/mt

References

https://www.youtube.com/watch?v=o0purspHg-o sudo: you're doing it wrong (talk by michael w lucas)
Retrieved from "http://willpittman.net:8080/index.php?title=Sudo&oldid=17541"