www.LinuxHowtos.org

edit this article

An introduction to sudo

This tip demonstrates some common uses of sudo which allows normal users to run commands with elevated privileges. This week we look at using sudo to view log files and handle basic user administration.

Code Listing 1: Getting sudo

% emerge app-admin/sudo 
or 
apt-get install sudo 
or ...

The first thing to do is set up the /etc/sudoers file which controls all the privileges handled by sudo. Instead of editing this file directly, use the visudo command. For a full list of configuration options, see the sudoers man page (man 5 sudoers).

This file is just an example and demonstrates how to create command and user aliases.

Code Listing 2: /etc/sudoers

# sudoers file. 
# 
# This file MUST be edited with the 'visudo' command as root. 
# 
# See the sudoers man page for the details on how to write a sudoers file. 
# 
 
# User alias specification 
User_Alias      HELPDESK  = jfox, helpdesk 
User_Alias      SYSADMINS = david, jc 
 
# Cmnd alias specification 
# Create aliases for all commands used in viewing files 
Cmnd_Alias      VIEW = /bin/cat, /bin/grep, /bin/more, /usr/bin/head,  
                       /usr/bin/tail, /usr/bin/less  
 
# commands for user administration 
Cmnd_Alias  USERADMIN = /usr/sbin/useradd, /usr/sbin/userdel,  
                        /usr/sbin/usermod 
 
# User privilege specification 
# Allow SYSADMINS to run any command as any user 
SYSADMINS   ALL = ALL 
 
# Allow  users in HELPDESK to use the user administration commands and 
# to use the VIEW commands without a password 
HELPDESK    ALL = USERADMIN, NOPASSWD:VIEW 
 
# Allow users in the %users group to use the VIEW commands 
%users      ALL = VIEW

Now that your /etc/sudoers file has been created, you can issue commands using sudo command.

Code Listing 3: Examples

// Viewing /var/log/critical/current as the helpdesk user 
helpdesk@mybox% sudo tail /var/log/critical/current 
 
// Adding a new user as the user jfox 
jfox@mybox% sudo useradd marcus 
Password: password for jfox

While this is no means comprehensive, this should introduce you to some of the many possibilities of sudo. For more examples and options see the man pages or the web page at http://www.courtesan.com/sudo/.

From http://www.gentoo.org/news/en/gwn/20030915-newsletter.xml

rate this article:
current rating: average rating: 1.5 (60 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back