Difference between revisions of "Linux sudo"
(Created page with "=Sudo - grant a user root privilages= sudo usermod -aG sudo nameofuser #enough for Ubuntu, logout required sudo passwd root #sets root password, so it can be used to login...") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=Sudo - grant a user root privilages= | =Sudo - grant a user root privilages= | ||
;Ubuntu | |||
<source lang=bash> | |||
sudo usermod -aG sudo nameofuser # enough for Ubuntu, logout required | |||
sudo passwd root # sets root password, so it can be used to login | |||
</source> | |||
Edit safely /etc/sudoers file | Edit safely /etc/sudoers file | ||
<source lang=bash> | |||
sudo visudo | |||
</source> | |||
User rules fields explained | User rules fields explained | ||
<source lang=bash> | |||
# The first ALL is the users allowed | |||
# | The second one is the hosts; on all hosts (if you distribute the same sudoers file to many computers) | |||
# | | | |||
# piotr ALL=(ALL:ALL) ALL | |||
# / | | |||
# / The last one is the commands allowed | |||
# The third one is the user as you are running the command | |||
</source> | |||
In examples below names beginning with a "%" indicate group names in /etc/group | In examples below names beginning with a "%" indicate group names in /etc/group | ||
<source lang=bash> | |||
root ALL=(ALL) ALL # standard root entry | |||
piotr ALL=(ALL) NOPASSWD: ALL # user can run as root without password | |||
piotr ALL= NOPASSWD: ALL # piotr will not be prompted for password, just another format to above | |||
piotr ALL= NOPASSWD: /usr/bin/service # piotr will not be prompt for password while running 'service' command | |||
%wheel ALL=(ALL) NOPASSWD: ALL # members of 'wheel' group can run without a password | |||
</source> | |||
If you find a number of entries applied to your user, the last entry takes precedence | If you find a number of entries applied to your user, the last entry takes precedence | ||
<source lang=bash> | |||
sudo -l # list all of the rules in the /etc/sudoers that apply to your user | |||
sudo -k # clear the timer | |||
</source> | |||
= Add user to the elevated privileges group = | |||
In '''Ubuntu''' adding a user to ''admin'' group will grant ''root'' user level access. Adding the user to ''sudo'' group will allow to execute any command as ''root'' user. | |||
sudo usermod -aG nameofgroup nameofuser | |||
In '''RedHat/CentOS''' add an user to a group ''wheel'' to enable sudo commands execution as ''root'' user. | |||
sudo usermod -aG wheel nameofuser | |||
In both examples above you need to login again for changes to be applied. | |||
= Disable sudo password timeout = | |||
Add <code>Default</code> setting to the sudoers file. Doing it directly is not advised, use <code>visudo</code> | |||
<source lang=bash> | |||
sudo visudo | |||
Defaults timestamp_timeout=-1 | |||
</source> | |||
= References = | = References = |
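Review bot: In the "Disable sudo password timeout" block, `Defaults timestamp_timeout=-1` sits in the same bash block as `sudo visudo`, so it reads as a second shell command; it is a sudoers line that has to be entered inside the editor, and the sentence above it should name the keyword as `Defaults`, not `Default`. The section should also say that with this setting the cached credential no longer times out, and point back to `sudo -k` from the earlier block as the way to clear it. In the NOPASSWD examples, the comment on `piotr ALL= NOPASSWD: ALL` calls it another format of the `(ALL)` line, but without a run-as field the rule covers running as root only. The first heading still spells "privilages".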
Latest revision as of 15:41, 4 November 2019
= Sudo - grant a user root privileges =
;Ubuntu
<source lang=bash>
sudo usermod -aG sudo nameofuser # enough for Ubuntu, logout required
sudo passwd root                 # sets root password, so it can be used to login
</source>
Edit the /etc/sudoers file safely
<source lang=bash>
sudo visudo
</source>
User rules fields explained
<source lang=bash>
# The first field is the user the rule applies to
# |     The second one is the hosts; ALL means on all hosts (if you distribute the same sudoers file to many computers)
# |     |
# piotr ALL=(ALL:ALL) ALL
#             /        |
#            /         The last one is the commands allowed
#  The third one is the user (and group) you are running the command as
</source>
In the examples below, names beginning with "%" are group names from /etc/group
<source lang=bash>
root   ALL=(ALL) ALL                     # standard root entry
piotr  ALL=(ALL) NOPASSWD: ALL           # user can run as root without password
piotr  ALL= NOPASSWD: ALL                # piotr will not be prompted for a password; with no run-as field the target user is root
piotr  ALL= NOPASSWD: /usr/bin/service   # piotr will not be prompted for a password while running the 'service' command
%wheel ALL=(ALL) NOPASSWD: ALL           # members of the 'wheel' group can run without a password
</source>
If several entries apply to your user, the last matching entry takes precedence
<source lang=bash>
sudo -l # list all of the rules in /etc/sudoers that apply to your user
sudo -k # clear the timer, so the next sudo call prompts for the password again
</source>
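The field layout and the last-match rule described above, as an added example (not part of the original wiki page and not sudo's own parser): a simplified Python reader for one-rule-per-line sudoers entries. The names parse_rule, applies, effective_rule and the SAMPLE text are hypothetical; aliases, Defaults, includes and host matching are ignored.

```python
import re
from typing import List, NamedTuple, Optional

# Simplified grammar (assumption): "who host=(runas) [TAG:] cmd[, cmd]" per line.
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*"
    r"(?P<tag>(?:NOPASSWD|PASSWD):)?\s*(?P<cmds>.+)$")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

class Rule(NamedTuple):
    who: str             # user name, %group or ALL
    host: str            # parsed but not evaluated in this example
    runas: str           # "root" when the (runas) field is omitted
    nopasswd: bool       # True when the rule carries the NOPASSWD: tag
    commands: List[str]

def parse_rule(line: str) -> Optional[Rule]:
    line = line.split("#", 1)[0].strip()   # simplification: every '#' starts a comment
    m = None if line.startswith(SKIP) else SPEC.match(line)
    if not m:
        return None
    cmds = [c.strip() for c in m["cmds"].split(",")]
    return Rule(m["who"], m["host"], m["runas"] or "root",
                m["tag"] == "NOPASSWD:", cmds)

def applies(rule: Rule, user: str, groups: set, command: str) -> bool:
    who_ok = rule.who in ("ALL", user) or (
        rule.who.startswith("%") and rule.who[1:] in groups)
    binary = command.split()[0]            # a path without arguments allows any arguments
    return who_ok and ("ALL" in rule.commands or binary in rule.commands)

def effective_rule(text: str, user: str, groups: set, command: str) -> Optional[Rule]:
    """Return the LAST matching rule, which is the one that takes precedence."""
    chosen = None
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and applies(rule, user, groups, command):
            chosen = rule
    return chosen

# Constructed sample built from the entries shown on this page.
SAMPLE = """\
root   ALL=(ALL) ALL               # standard root entry
%wheel ALL=(ALL) NOPASSWD: ALL
piotr  ALL=(ALL:ALL) ALL
piotr  ALL= NOPASSWD: /usr/bin/service
"""
```

For piotr in group wheel, `effective_rule(SAMPLE, "piotr", {"wheel"}, "/usr/bin/apt update")` returns the `piotr ALL=(ALL:ALL) ALL` rule, so a password is required even though the earlier %wheel entry carries NOPASSWD. For `/usr/bin/service nginx restart` the final entry wins and no password is asked.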
= Add user to the elevated privileges group =
In Ubuntu, adding a user to the admin group will grant root user level access. Adding the user to the sudo group will allow executing any command as the root user.
 sudo usermod -aG nameofgroup nameofuser
In RedHat/CentOS, add a user to the wheel group to enable execution of sudo commands as the root user.
 sudo usermod -aG wheel nameofuser
In both examples above you need to log in again for the changes to be applied.
= Disable sudo password timeout =
Add a Defaults setting to the sudoers file. Editing the file directly is not advised; use visudo.
<source lang=bash>
sudo visudo
# then add this line in the editor:
Defaults timestamp_timeout=-1
</source>