Sudo
Sudo stands for either “substitute user do” or “super
user do” (depending upon how you want to look at it). What sudo does is
incredibly important and crucial to many Linux distributions. Effectively, sudo
allows a user to run a program as another user ( Most often the root user ).
There are many that think sudo is the best way to achive “best practice
security” on linux.
Users can login using their username and password
and can issue administrative commands placing sudo in front of the commands, eg
sudo rpm –Uvh *.rpm, to tun the command which installs and updates programs in
Linux(rpm)
The file /etc/sudoers
file has the rules that users have to follow
when using sudo command. That means that whatever commands access is
provided to any user in /etc/sudoers
file , that user can only run those commands.
Advantages
of Using SUDO
Two Best advantages about using sudo are:
- Limited user privileges
As we have studied above that we can restrict users
to use certain commands as privileged user as per the role of the user.
Eg:
Networking commands for network user and Admin commands for admin users etc.
- Logs of the actions done by users
All commands executed by sudo users will be stored
in /var/log/secure file, but still
if you want you can make your own log file by passing an entry in /etc/sudoers file at the bottom as “Defaults logfile=/var/log/sudo.log” or
whatever name you want, to save the logs of what commands is executed by which
sudo user.
The
/etc/sudoers File:
- As we read above that it is the configuration file for sudo users, which is used to assign specific commands to the specific users or groups.
- Always use visudo command to edit this file. It prevents two users from editing the file at the same time, and it also provides limited syntax checking.
- When we run Visudo command the output will be as follows.
##
Next comes the main part: which users can run what software on
##
which machines (the sudoers file can be shared between multiple
##
systems).
##
Syntax:
##
## user
MACHINE=COMMANDS
##
##
The COMMANDS section may have other options added to it.
##
##
Allow root to run any commands anywhere
##
Allows members of the 'sys' group to run networking, software,
##
service management apps and more.
#
%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE,
DRIVERS
##
Allows people in group wheel to run all commands
#
%wheel ALL=(ALL) ALL
|
- As we can see there is basically one line
- Root ALL=(ALL) ALL
- This line means that the user root can execute from all terminals, acting as ALL (any) users, and run ALL(any) Command.
- So the first part is the user, the second is the terminal from where the user can use sudo, the third is as which user he may act, and the last one, is which commands he may run.
- The advantage of visudo command, while editing if there are any syntax error it will be reflected as follows.
|
[root@linuxelearn
pooja]#
[root@linuxelearn
pooja]# visudo
>>>
/etc/sudoers: syntax error near line 98 <<<
What
now?
|
Some
Options Of SUDO Command
Like any good command there are a few options to
make sudo, do more!
sudo
su
This command will make you the root user and load your custom user environment
variables.
sudo
–b
This command will run the command in the background. This is useful for commands that display a
lot of output as they are running.
sudo
–s
This command will run the shell specified with elevated privlages, giving you
the # prompt (don’t forget to exit!)
Sudo gives us safe elevated privileges when we want
to run important commands. It might be
the most used and powerful command among Ubuntu users, as it has become the
preferred method in that distribution.
Now that you have the power, be sure to be safe when you issue your
commands! There is no su-undo!
Example:
Allow a user “pooja” all privileges like root
To assign root privileges to user add a line by
using sudoers file as shown below.
#visudo
(Save file using “wq!”)
|
## user
MACHINE=COMMANDS
##
##
The COMMANDS section may have other options added to it.
##
##
Allow root to run any commands anywhere
root ALL=(ALL) ALL
pooja ALL=(ALL) ALL
##
Allows members of the 'sys' group to run networking, software,
##
service management apps and more.
#
%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES,
LOCATE, DRIVERS
|
First try to run fdisk command normally and see what happens.
|
[root@linuxelearn
~]# su pooja
[pooja@linuxelearn
~]$ fdisk -l
[pooja@linuxelearn
~]$ fdisk /dev/sa
Unable
to open /dev/sa
[pooja@linuxelearn
~]$
|
- Now using SUDO command.
|
[pooja@linuxelearn
~]$ sudo fdisk -l
We
trust you have received the usual lecture from the local System
Administrator.
It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great
responsibility.
[sudo]
password for pooja:
Disk
/dev/sda: 17.2 GB, 17179869184 bytes
255
heads, 63 sectors/track, 2088 cylinders
Units
= cylinders of 16065 * 512 = 8225280 bytes
Sector
size (logical/physical): 512 bytes / 512 bytes
I/O
size (minimum/optimal): 512 bytes / 512 bytes
Disk
identifier: 0x000efa3d
Device Boot Start End Blocks
Id System
/dev/sda1 *
1 26 204800
83 Linux
Partition
1 does not end on cylinder boundary.
/dev/sda2 26 1301 10240000
83 Linux
/dev/sda3 1301 1562 2097152
82 Linux swap / Solaris
/dev/sda4 1562 2088 4228884 5
Extended
/dev/sda5 1562 1626 517837+
82 Linux swap / Solaris
/dev/sda6 1627 1691 522081
8e Linux LVM
/dev/sda7 1692 1756 522081
8e Linux LVM
/dev/sda8 1757 1821 522081
82 Linux swap / Solaris
[pooja@linuxelearn
~]$
|
It's all done!
You can
learn more about these commands through man pages.
#
man sudo
#
man su
I
Hope you like this article……..
Post a Comment