Difference between revisions of "Linux sudo"
Jump to navigation
Jump to search
(Created page with "=Sudo - grant a user root privilages= sudo usermod -aG sudo nameofuser #enough for Ubuntu, logout required sudo passwd root #sets root password, so it can be used to login...") |
|||
Line 27: | Line 27: | ||
sudo -k #clear the timer | sudo -k #clear the timer | ||
= Add user to the elevated privileges group = | |||
In '''Ubuntu''' adding a user to ''admin'' group will grant ''root'' user level access. Adding the user to ''sudo'' group will allow to execute any command as ''root'' user. | |||
sudo usermod -aG nameofgroup nameofuser | |||
In '''RedHat/CentOS''' add an user to a group ''wheel'' to enable sudo commands execution as ''root'' user. | |||
sudo usermod -aG wheel nameofuser | |||
In both examples above you need to login again for changes to be applied. | |||
= References = | = References = |
Revision as of 20:30, 25 April 2016
Sudo - grant a user root privilages
sudo usermod -aG sudo nameofuser #enough for Ubuntu, logout required sudo passwd root #sets root password, so it can be used to login
Edit safely /etc/sudoers file
sudo visudo
User rules fields explained
The first ALL is the users allowed | The second one is the hosts; on all hosts (if you distribute the same sudoers file to many computers) | | piotr ALL=(ALL:ALL) ALL / | / The last one is the commands allowed The third one is the user as you are running the command
In examples below names beginning with a "%" indicate group names in /etc/group
root ALL=(ALL) ALL #standard root entry piotr ALL=(ALL) NOPASSWD: ALL #user can run as root without password piotr ALL= NOPASSWD: ALL #piotr will not be prompted for password, just another format to above piotr ALL= NOPASSWD: /usr/bin/service #piotr will not be prompt for password while running 'service' command %wheel ALL=(ALL) NOPASSWD: ALL #members of 'wheel' group can run without a password
If you find a number of entries applied to your user, the last entry takes precedence
sudo -l #list all of the rules in the /etc/sudoers that apply to your user sudo -k #clear the timer
Add user to the elevated privileges group
In Ubuntu adding a user to admin group will grant root user level access. Adding the user to sudo group will allow to execute any command as root user.
sudo usermod -aG nameofgroup nameofuser
In RedHat/CentOS add an user to a group wheel to enable sudo commands execution as root user.
sudo usermod -aG wheel nameofuser
In both examples above you need to login again for changes to be applied.