UNIX Command RTFM: sudo(8)

Slides:



Advertisements
Similar presentations
Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Advertisements

Linux Users and Groups Management
Basic Unix system administration
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Web Pages Publishing your page on ASUWlink. Unix Directory Commands ls –la –will show all directories and files –will show directory and file permissions.
User Accounts and Permissions Chapter IV / Part II.
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
System Administration 1.  system administration  user and group management 2.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.
1 LINUX SECURITY. 2 Outline Introduction Introduction - UNIX file permission - UNIX file permission - SUID / SGID - SUID / SGID - File attributes - File.
Λειτουργικά Συστήματα - Lab1 Γιάννης Πετράκης. The Operating System  Unix is a layered operating system  The innermost layer is the hardware that provides.
Preliminary PreparationS for the Training AIST=Innovation 1.WinSCP Installation Download Site: 2. Putty.exe file download.
Manually Creating a New User Account Presented by Carl South.
SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.
The Kernel At a high level, the kernel in an operating system serves as the bridge between applications and the actual data processing of the hardware.
 Last lesson, the Windows Operating System was discussed along with the Windows command shell  Unix is a computer operating system, that similarly manages.
Basic UNIX system administration CS 2204 Class meeting 14 *Notes by Doug Bowman and other members of the CS faculty at Virginia Tech. Copyright
Experiment No 4 Prepared by, Mr. Satish Pise. Objectives View the /etc/passwd file and describe its syntax. View the /etc/shadow file and describe its.
Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.
System Administration II
UNIX To do work for the class, you will be using the Unix operating system. Once connected to the system, you will be presented with a login screen. Once.
“given enough eyeballs, all bugs are shallow” -Linus Torvald
Overview – SOE Sudo SEP 2014.
...looking a bit closer under the hood
Sudoers Meryll Larkin - that's me Why you are here:
Andy Wang Object Oriented Programming in C++ COP 3330
Overview – SOE Sudo Dec 2013.
Rootly Powers and Controlling Processes
Basic Commands ls cp ls –l (in detail format) echo ls –a
Chapter 11: Managing Users
User Management.
Hands On UNIX AfNOG 2010 Kigali, Rwanda
Overview – SOE Sudo September 2016.
Overview – SOE Sudo November 2015.
Chapter 3 Rootly Powers.
Unix Systems Administration
Hands On UNIX AfNOG X Cairo, Egypt
Chapter 2 User Management
Users and Accounts Lab 0.1. Users and Accounts Lab 0.1.
Introduction to UNIX.
Linux Users and Groups Management
IS3440 Linux Security Unit 3 User Account Management
Adding New Users, Storage, File System
Unix : Introduction and Commands
The Linux Command Line Chapter 9
UNIX RTFM: ulimit(1)/limit(1)
User Management.
Chapter Introduction 3.2 The UNIX Model of Ownership
The Attack and Defense of Computers
Module 13 System and User Security
Rootly Powers Chapter 3.
Adding New Users.
Set-UID Privileged Programs
Presentation transcript:

UNIX Command RTFM: sudo(8) Gilbert Detillieux April 12, 2011 MUUG Meeting

What does sudo do?... Like su: run as substitute user But do: typically, run a specific command Safer than su: Don’t need to share root/admin passwords (authentication via invoking user’s password) Can only do what’s been specifically granted (role-based access control) in sudoers file Logs failures and successful commands

What sudo doesn’t do... Doesn’t allow what hasn’t been granted Doesn’t override file/directory permission Doesn’t affect your current shell/environment: Can’t do this: sudo cd /private/dir Doesn’t make non-executables executable Doesn’t turn your system into Ubuntu!

sudo(8) Man Page NAME SYNOPSIS sudo, sudoedit – execute a command as another user SYNOPSIS sudo -l[l] [-g groupname|#gid] [-U username] [-u username|#uid] [command] sudo [-g groupname|#gid] [-u username|#uid] [VAR=value] [-i | -s] [command] sudoedit [-g groupname|#gid] [-u username|#uid] file ...

sudo(8) Man Page (cont.) OPTIONS -l[l] list allowed (and forbidden) commands for invoking user (or user specified by -U) on current host Double up the “l” for longer format output -g sets primary group to groupname or gid -u runs as user specified by username or uid (instead of root) -i simulates initial login: Uses shell from passwd(5) Reads .profile/.login, etc. Initializes environment, leaving DISPLAY and TERM unchanged, setting (only) HOME, SHELL, USER, LOGNAME, and PATH -s runs shell specified by SHELL

sudo(8) Examples Interactive shell: sudo –i or sudo –s Specific command: sudo cat /etc/shadow Edit a file: sudo vi /etc/shadow sudoedit /etc/shadow

sudoers(5) Examples: # User privilege specification: # User_List Host_List = (Runas_List) Tag_Spec Cmnd root ALL=(ALL) ALL # Members of admin group may gain root privileges: %admin ALL=(ALL) ALL

sudoers(5) Examples: Cmnd_Alias CGIHELPER = /usr/local/sbin/cgihelper # Normally, require a tty, to not show password in clear… # ... but override for specific commands run by CGI scripts... Defaults!CGIHELPER !requiretty # Allows owner of particular CGI scripts to run # “helper” command as other users... webuser ALL=(ALL) NOPASSWD: CGIHELPER

sudoers(5) Examples: # Allow non-root user to mount a backup drive (/etc/fstab): LABEL=backup /mnt/backup ext3 rw,noauto,noatime,user 1 0 # Allow same user to fsck the drive (/etc/sudoers): backuser ALL=(root) NOPASSWD: /sbin/fsck LABEL\=backup backuser ALL=(root) NOPASSWD: /sbin/fsck -f LABEL\=backup # Also allow RAID admin on drive: backuser ALL=(root) /usr/bin/drobom

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.