1) config is in /etc/sudoers
2) edit it with the visudo command, which checks the syntax
3) basic configuration line:
user ALL=(ALL) ALL
1st ALL: the host, here any computer (hostname)
2nd =(ALL): the run-as user, here any user (sudo -u user)
3rd ALL: the command, here any command
This should always be there, to allow root to run everything:
root ALL=(ALL) ALL
Example:
adam earth=(xena) /bin/kill
adam can run the /bin/kill command only on the computer with hostname "earth" and only as user xena:
adam runs: sudo -u xena /bin/kill
4) user groups
so far the entries were for users
groups are written with a % prefix:
%group_name ALL=(ALL) ALL
5) Aliases:
User_Alias ADMINS=adam, xena
Cmnd_Alias COMMAND1=/bin/kill
now use them:
ADMINS ALL=(ALL) COMMAND1
6) no password:
%admins_group ALL=(ALL) NOPASSWD: ALL
7) negation - allow all commands apart from some:
Cmnd_Alias PASSWD_ROOT=/sbin/passwd root
user1 ALL=(ALL) ALL, !PASSWD_ROOT
8) (default) logfile:
/var/log/sudo.log
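The entry forms above can be checked mechanically during review. This Python sketch is an added example, not part of the original notes: it parses the one-line forms shown here and flags a passwordless ALL grant, a rule made only of negations (which grants nothing), and ALL with a deny-list, which the sudoers manual describes as generally not effective. SAMPLE is constructed from the entries above; user2 and the finding labels are hypothetical.

```python
import re

# Constructed sample modelled on the entries in these notes (user2 is hypothetical).
SAMPLE = """\
User_Alias ADMINS=adam, xena
Cmnd_Alias COMMAND1=/bin/kill
Cmnd_Alias PASSWD_ROOT=/sbin/passwd root
root ALL=(ALL) ALL
adam earth=(xena) /bin/kill
ADMINS ALL=(ALL) COMMAND1
%admins_group ALL=(ALL) NOPASSWD: ALL
user1 ALL=(ALL) ALL, !PASSWD_ROOT
user2 ALL=(ALL) !PASSWD_ROOT
"""

ALIAS = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def parse(text):
    """Return (aliases, rules) for the simple one-line forms used in these notes."""
    aliases, rules = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := ALIAS.match(line):
            aliases[m[2]] = [x.strip() for x in m[3].split(",")]
        elif not line.startswith(("#", "@", "Defaults")) and (m := SPEC.match(line)):
            tags, cmds = set(), []
            for item in (x.strip() for x in m[4].split(",")):
                while t := TAG.match(item):  # a tag such as NOPASSWD: also covers later commands
                    tags.add(t[1])
                    item = item[t.end():]
                cmds.append((item, frozenset(tags)))
            rules.append({"who": m[1], "host": m[2], "runas": m[3] or "root", "cmds": cmds})
    return aliases, rules

def audit(text):
    """Return (who, label) pairs for rule shapes that deserve a second look."""
    findings = []
    for r in parse(text)[1]:
        allowed = [c for c, _ in r["cmds"] if not c.startswith("!")]
        denied = [c for c, _ in r["cmds"] if c.startswith("!")]
        if any(c == "ALL" and "NOPASSWD" in t for c, t in r["cmds"]):
            findings.append((r["who"], "nopasswd-all"))
        if denied and not allowed:
            findings.append((r["who"], "negation-only"))  # nothing is actually granted
        if denied and "ALL" in allowed:
            findings.append((r["who"], "all-minus-denylist"))
    return findings
```

The parser covers only the single-line forms in these notes; line continuations and multi-host entries are out of scope.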