User : The account for which the privilege will be associated The structure of these lines is: user host=(accounts) commands However, understanding the breakdown of user privilege lines is very important. It’s not overly complicated, nor is it much of a challenge to understand. You may be surprised to find out the default sudoers file is only 31 lines long (at least in Ubuntu 16.10). User privilege: This is where you specify user privilege There are a few sections of the sudoers file you need to know about:ĭefaults: These are the default variables for sudo (remember, sudo -L is your friend)Īlias: You can create aliases for host, user, and commands Now that you clearly understand the importance of editing /etc/sudoers with visudo, let’s take a look and see what you can do. To find a listing of these defaults, issue the command sudo -L. The sudo command includes a number of defaults that can be set within /etc/sudoers. Because of this, you should always enter your new lines at the bottom of each /etc/sudoers section. In other words, the last line in /etc/sudoers will overwrite previous conflicts with the setup. The sudo command reads the sudoers file in top-to-bottom order. Because of this, you must take extra precaution when working with the /etc/sudoers file otherwise, you could find your system at serious risk. The sudo binary is setuid root, which means that when any user runs a command through sudo, they are instantly granted root permissions. Should visudo find issues, fix them immediately before closing your terminal (otherwise, you can wind up locked out of all command that require sudo (trust me, I did this once…it’s no fun) Once you’ve made changes to the file, you can even run the command sudo visudo -c to run a second automatic parse of the file. This tool will parse the file to see if there are any problems. You should never open that file with a standard text editor (such as nano or vi). Taking on the /etc/sudoers file must be done with care. In the file /etc/sudoers, you’ll find everything you need to wrestle control over sudo. Now that I have your interest piqued, how do you manage/configure sudo on your Linux machine? The answer is simple… sudoers. You can also join users into groups, to make controlling who can do what much easier.
Say, for example, you want to give certain users permission to use a certain command, without having to enter their sudo password. An added benefit of using the sudo command is that all sudo incidents are logged (Red Hat-based systems log to /var/log/secure whereas Debian-based systems log to /var/log/auth.log ). By taking advantage of the sudo system, an administrator gains far more control over who can do what on a system. Other distributions, such as Ubuntu Linux, opt for a different route. For distributions, such as Red Hat, gaining root permissions means changing to the root user with the command su. Without the elevated permission of root, many commands could not be run. Linux depends upon administrative user permission.
0 kommentar(er)
