Presentation is loading. Please wait.

Presentation is loading. Please wait.

UNIX Command RTFM: sudo(8)

Published by前 费 Modified over 7 years ago

Similar presentations

Presentation on theme: "UNIX Command RTFM: sudo(8)"— Presentation transcript:

1 UNIX Command RTFM: sudo(8)
Gilbert Detillieux April 12, MUUG Meeting

2 What does sudo do?... Like su: run as substitute user
But do: typically, run a specific command Safer than su: Don’t need to share root/admin passwords (authentication via invoking user’s password) Can only do what’s been specifically granted (role-based access control) in sudoers file Logs failures and successful commands

3 What sudo doesn’t do... Doesn’t allow what hasn’t been granted
Doesn’t override file/directory permission Doesn’t affect your current shell/environment: Can’t do this: sudo cd /private/dir Doesn’t make non-executables executable Doesn’t turn your system into Ubuntu!

4 sudo(8) Man Page NAME SYNOPSIS
sudo, sudoedit – execute a command as another user SYNOPSIS sudo -l[l] [-g groupname|#gid] [-U username] [-u username|#uid] [command] sudo [-g groupname|#gid] [-u username|#uid] [VAR=value] [-i | -s] [command] sudoedit [-g groupname|#gid] [-u username|#uid] file ...

5 sudo(8) Man Page (cont.) OPTIONS
-l[l] list allowed (and forbidden) commands for invoking user (or user specified by -U) on current host Double up the “l” for longer format output -g sets primary group to groupname or gid -u runs as user specified by username or uid (instead of root) -i simulates initial login: Uses shell from passwd(5) Reads .profile/.login, etc. Initializes environment, leaving DISPLAY and TERM unchanged, setting (only) HOME, SHELL, USER, LOGNAME, and PATH -s runs shell specified by SHELL

6 sudo(8) Examples Interactive shell: sudo –i or sudo –s
Specific command: sudo cat /etc/shadow Edit a file: sudo vi /etc/shadow sudoedit /etc/shadow

7 sudoers(5) Examples: # User privilege specification:
# User_List Host_List = (Runas_List) Tag_Spec Cmnd root ALL=(ALL) ALL # Members of admin group may gain root privileges: %admin ALL=(ALL) ALL

8 sudoers(5) Examples: Cmnd_Alias CGIHELPER = /usr/local/sbin/cgihelper
# Normally, require a tty, to not show password in clear… # ... but override for specific commands run by CGI scripts... Defaults!CGIHELPER !requiretty # Allows owner of particular CGI scripts to run # “helper” command as other users... webuser ALL=(ALL) NOPASSWD: CGIHELPER

9 sudoers(5) Examples: # Allow non-root user to mount a backup drive (/etc/fstab): LABEL=backup /mnt/backup ext3 rw,noauto,noatime,user 1 0 # Allow same user to fsck the drive (/etc/sudoers): backuser ALL=(root) NOPASSWD: /sbin/fsck LABEL\=backup backuser ALL=(root) NOPASSWD: /sbin/fsck -f LABEL\=backup # Also allow RAID admin on drive: backuser ALL=(root) /usr/bin/drobom

10 Questions?

Download ppt "UNIX Command RTFM: sudo(8)"

Similar presentations

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Linux Users and Groups Management

Linux Users and Groups Management
Basic Unix system administration

Basic Unix system administration
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.

Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.

Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Web Pages Publishing your page on ASUWlink. Unix Directory Commands ls –la –will show all directories and files –will show directory and file permissions.

Web Pages Publishing your page on ASUWlink. Unix Directory Commands ls –la –will show all directories and files –will show directory and file permissions.
User Accounts and Permissions Chapter IV / Part II.

User Accounts and Permissions Chapter IV / Part II.
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.

IT2204: Systems Administration I 1 6b). Introduction to Linux.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.

ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.

Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.

Similar presentations

Ads by Google