Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview – SOE Sudo SEP 2014.

Published byLucas Atkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Overview – SOE Sudo SEP 2014."— Presentation transcript:

1 Overview – SOE Sudo SEP 2014

2 What is SOE Sudo? Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. Users and commands can be defined in sudo configuration file /etc/sudoers Sudo access can be monitored by /var/[adm/log]/sudo.log (Default path) Allows users to run programs with the security privileges of another user A highly configurable tool Allows for Least Privilege methodology Logs each command run

3 Why do you Need Sudo? UNIX root account is all or nothing
Want everyone to have the root password? Want to have to change it every time one of those folks leave? Want to give selective root access by user/machine/command? Want to know what someone did as root? Can also be used to control others users ... but we don`t use that yet UnixSOE Enterprise Suite v9.0 Sudo can help you with all of these dilemma`s!

4 SOE Sudo command line options
-b (background) : To run the given command in the background -E (preserve environment) : user wishes to preserve their existing environment variables -h (help) option causes sudo to print a short help message to the standard output and exit -k (kill) option to sudo invalidates the user's cached credentials -n (non-interactive) : This option prevents sudo from prompting the user for a password the -l (list) option will list the allowed (and forbidden) commands for the invoking user on the current host The -s (shell) : option runs the shell specified by the SHELL environment variable -v (validate) option : sudo will update the user's cached credentials, authenticating the user's password if necessary. The -- option indicates that sudo should stop processing command line arguments

5 Examples of SOE sudo Execute ‘su’ command using Sudo
$ /opt/soe/local/bin/sudo su To get a file listing of an unreadable directory: $ /opt/soe/local/bin/sudo ls /usr/local/protected To edit the index.html file as user www $ /opt/soe/local/bin/sudo -u www vi ~www/htdocs/index.html To shutdown a machine: $ /opt/soe/local/bin/sudo shutdown -r +15 "quick reboot“ To run an editor as xxx with a different primary group : $ /opt/soe/local/bin/sudo -u xxx -g audio vi ~xxx/sound.txt To view system logs only accessible to root and users in the adm group: $ /opt/soe/local/bin/sudo -g adm view /var/log/syslog To make a usage listing of the directories in the /home partition: $ /opt/soe/local/bin/sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

6 Sample /etc/sudoers #; /etc/sudoers #; Sample sudoers file
#; Host aliases, in the form of subnets or (eek!) hostnames. Host_Alias DPUNET = /16 #; User aliases User_Alias SYSTEM_ADMIN = nancy, drew #; RunAs aliases; what privileges are given to the sudoee Runas_Alias DBA = oracle #; Command aliases. What people can do. Cmnd_Alias SU = /usr/bin/su, /usr/bin/sudo # Defaults specification Defaults syslog=auth,log_year,logfile=/var/log/sudo.log #; Root can do anything w/o a password. root ALL = (ALL) NOPASSWD: ALL #; Nancy can do anything on the private network EXCEPT for su and visudo. nancy PRIVNET = (ALL) ALL,!SU,!VISUDO #; On the shell servers, student can reset passwords except for root's password. STUDENT SHELLSERVER = (ALL) PASSWORD

7 SOE sudo – Supported OS Operating System Version Architecture Sun
Solaris 8 Sun Sparc Solaris 9 Solaris 10 Sun Sparc/x86-64 Architecture Solaris 11 HP-UX HP-UX11i HP PA-RISC HP-UX11i V2 (11.23) HP PA-RISC/ HP Itanium HP-UX11i V3 (11.31) AIX AIX 5.3 IBM pSeries AIX 6.1 AIX 7.1

8 UnixSOE Sudo-1.8.10p3– What is New?
New features Removed a warning on PAM systems with stacked auth modules where the first module on the stack does not succeed. Fixed expansion of the %p escape in the prompt for "sudo -l" when rootpw, runaspw or targetpw is set. Bug #639. Fixed matching of uids and gids which was broken in version Bug #640. PAM credential initialization has been re-enabled. It was unintentionally disabled by default in version The way credentials are initialized has also been fixed. Bug #642. Fixed a descriptor leak on Linux when determing boot time. Sudo normally closes extra descriptors before running a command so the impact is limited. Bug #645. Fixed flushing of the last buffer of data when I/O logging is enabled. This bug, introduced in version 1.8.9, could cause incomplete command output on some systems. Bug #646.

9 Product Support Helpline
Questions & Feedback Product Support Helpline

Download ppt "Overview – SOE Sudo SEP 2014."

Similar presentations

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.
Linux Users and Groups Management

Linux Users and Groups Management
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.

Chapter 3 Rootly Powers. Computer Center, CS, NCTU 2 The Root  Root Root is God, also called super-user. UID is 0  UNIX permits the superuser to perform.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.

Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.
Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.

Introduction to Unix Administration Objectives –to identify the basic concepts of Unix administration Contents –history of Unix –unix vendors and standards.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.

CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.

Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?

There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.

Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
NT4 SP4 Security Jack Schmidt - Fermilab

NT4 SP4 Security Jack Schmidt - Fermilab
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.

Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 9: Basic Linux Administration Chapter 11: System Administration: Core Concepts Chapter 16:

A Practical Guide to Fedora and Red Hat Enterprise Linux Unit 9: Basic Linux Administration Chapter 11: System Administration: Core Concepts Chapter 16:
Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.

Introduction to System Admin Sirak Kaewjamnong. 2 The system administration’s job  Adding a new user  Doing backup and restoring files from backups.
Shell Advanced Features. Module 8 Shell Advanced Features ♦ Introduction In Linux systems, the shells are often referred to as command line interfaces.

Shell Advanced Features. Module 8 Shell Advanced Features ♦ Introduction In Linux systems, the shells are often referred to as command line interfaces.

Similar presentations

Ads by Google