Linux sudo

From Ever changing code
Revision as of 15:41, 4 November 2019 by Pio2pio (talk | contribs) (→‎Sudo - grant a user root privilages)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Sudo - grant a user root privilages

sudo usermod -aG sudo nameofuser  # enough for Ubuntu, logout required
sudo passwd root                  # sets root password, so it can be used to login

Edit safely /etc/sudoers file

sudo visudo

User rules fields explained

#       The first ALL is the users allowed
#        |    The second one is the hosts; on all hosts (if you distribute the same sudoers file to many computers)
#        |     |
#  piotr ALL=(ALL:ALL) ALL
#                 /     |
#               /   The last one is the commands allowed
#       The third one is the user as you are running the command

In examples below names beginning with a "%" indicate group names in /etc/group

root  ALL=(ALL)    ALL               # standard root entry
piotr ALL=(ALL)    NOPASSWD: ALL     # user can run as root without password
piotr ALL=         NOPASSWD: ALL              # piotr will not be prompted for password, just another format to above
piotr ALL=         NOPASSWD: /usr/bin/service # piotr will not be prompt for password while running 'service' command
%wheel ALL=(ALL)   NOPASSWD: ALL              # members of 'wheel' group can run without a password

If you find a number of entries applied to your user, the last entry takes precedence

sudo -l # list all of the rules in the /etc/sudoers that apply to your user
sudo -k # clear the timer

Add user to the elevated privileges group

In Ubuntu adding a user to admin group will grant root user level access. Adding the user to sudo group will allow to execute any command as root user.

sudo usermod -aG nameofgroup nameofuser

In RedHat/CentOS add an user to a group wheel to enable sudo commands execution as root user.

sudo usermod -aG wheel nameofuser

In both examples above you need to login again for changes to be applied.

Disable sudo password timeout

Add Default setting to the sudoers file. Doing it directly is not advised, use visudo

sudo visudo
Defaults        timestamp_timeout=-1