Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview – SOE Sudo November 2015.

Published byBertram Briggs Modified over 6 years ago

Similar presentations

Presentation on theme: "Overview – SOE Sudo November 2015."— Presentation transcript:

1 Overview – SOE Sudo November 2015

2 What is SOE Sudo? Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. Users and commands can be defined in sudo configuration file /etc/sudoers Sudo access can be monitored by /var/[adm/log]/sudo.log (Default path) Allows users to run programs with the security privileges of another user A highly configurable tool Allows for Least Privilege methodology Logs each command run

3 Why do you Need Sudo? UNIX root account is all or nothing
Want everyone to have the root password? Want to have to change it every time one of those folks leave? Want to give selective root access by user/machine/command? Want to know what someone did as root? Can also be used to control others users ... but we don`t use that yet UnixSOE Enterprise Suite v10.0 Sudo can help you with all of these dilemma`s!

4 SOE Sudo command line options
-b (background) : To run the given command in the background -E (preserve environment) : user wishes to preserve their existing environment variables -h (help) option causes sudo to print a short help message to the standard output and exit -k (kill) option to sudo invalidates the user's cached credentials -n (non-interactive) : This option prevents sudo from prompting the user for a password the -l (list) option will list the allowed (and forbidden) commands for the invoking user on the current host The -s (shell) : option runs the shell specified by the SHELL environment variable -v (validate) option : sudo will update the user's cached credentials, authenticating the user's password if necessary. The -- option indicates that sudo should stop processing command line arguments

5 Examples of SOE sudo Execute ‘su’ command using Sudo
$ /opt/soe/local/bin/sudo su To get a file listing of an unreadable directory: $ /opt/soe/local/bin/sudo ls /usr/local/protected To edit the index.html file as user www $ /opt/soe/local/bin/sudo -u www vi ~www/htdocs/index.html To shutdown a machine: $ /opt/soe/local/bin/sudo shutdown -r +15 "quick reboot“ To run an editor as xxx with a different primary group : $ /opt/soe/local/bin/sudo -u xxx -g audio vi ~xxx/sound.txt To view system logs only accessible to root and users in the adm group: $ /opt/soe/local/bin/sudo -g adm view /var/log/syslog To make a usage listing of the directories in the /home partition: $ /opt/soe/local/bin/sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"

6 Sample /etc/sudoers #; /etc/sudoers #; Sample sudoers file
#; Host aliases, in the form of subnets or (eek!) hostnames. Host_Alias DPUNET = /16 #; User aliases User_Alias SYSTEM_ADMIN = nancy, drew #; RunAs aliases; what privileges are given to the sudoee Runas_Alias DBA = oracle #; Command aliases. What people can do. Cmnd_Alias SU = /usr/bin/su, /usr/bin/sudo # Defaults specification Defaults syslog=auth,log_year,logfile=/var/log/sudo.log #; Root can do anything w/o a password. root ALL = (ALL) NOPASSWD: ALL #; Nancy can do anything on the private network EXCEPT for su and visudo. nancy PRIVNET = (ALL) ALL,!SU,!VISUDO #; On the shell servers, student can reset passwords except for root's password. STUDENT SHELLSERVER = (ALL) PASSWORD

7 SOE sudo – Supported OS Operating System Version Architecture Sun
Solaris 8 Sun Sparc Solaris 9 Solaris 10 Sun Sparc/x86-64 Architecture Solaris 11 HP-UX HP-UX11i HP PA-RISC HP-UX11i V2 (11.23) HP PA-RISC/ HP Itanium HP-UX11i V3 (11.31) AIX AIX 5.3 IBM pSeries AIX 6.1 AIX 7.1

8 UnixSOE Sudo-1.8.13– What is New?
New features Weak symbols are now used for sudo_warn_gettext() and sudo_warn_strerror() in libsudo_util to avoid link errors when -Wl,--no-undefined is used in LDFLAGS. The --disable-weak-symbols configure option can be used to disable the user of weak symbols. Fixed a bug in sudo's mkstemps() replacement function that prevented the file extension from being preserved in sudoedit. A new mail_all_cmnds sudoers flag will send mail when a user runs a command (or tries to). The behavior of the mail_always flag has been restored to always send mail when sudo is run. New MAIL and NOMAIL command tags have been added to toggle mail sending behavior on a per-command (or Cmnd_Alias) basis. Fixed matching of empty passwords when sudo is configured to use passwd (or shadow) file authentication on systems where the crypt() function returns NULL for invalid salts.

9 Product Support Helpline
Questions & Feedback Product Support Helpline

Download ppt "Overview – SOE Sudo November 2015."

Similar presentations

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.

CIS 193A – Lesson2CIS 193A - Lesson2 Authorization & Authentication Sudo and PAM.
Linux Users and Groups Management

Linux Users and Groups Management
1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.

1 Dynamic DNS. 2 Module - Dynamic DNS ♦ Overview The domain names and IP addresses of hosts and the devices may change for many reasons. This module focuses.
Operating Systems for Administrators Instructor: Mr. Ahmed Al Astal ITGD4104 Department Requirement for senior student University of Palestine Faculty.

Operating Systems for Administrators Instructor: Mr. Ahmed Al Astal ITGD4104 Department Requirement for senior student University of Palestine Faculty.
Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.

Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.
User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.

User Account Management WeeSan Lee. Roadmap Add An Account Delete An Account /etc/{passwd,shadow} /etc/group How To Disable An Account? Root Account Q&A.
Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.

Sudo Access with Beowulf Clusters Chris Feehan CS Senior Capstone 12/18/06.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
Lesson 7-Creating and Changing Directories. Overview Using directories to create order. Managing files in directories. Using pathnames to manage files.

Lesson 7-Creating and Changing Directories. Overview Using directories to create order. Managing files in directories. Using pathnames to manage files.
MARC 10.5 Update John Harvey. MARC 10.5 Changes  Backup Scripts restructured  Added a script to generate scripts outside of MARC  Generate Scripts.

MARC 10.5 Update John Harvey. MARC 10.5 Changes  Backup Scripts restructured  Added a script to generate scripts outside of MARC  Generate Scripts.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.

FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.
Additional UNIX Commands. 222 Lecture Overview  Multiple commands and job control  More useful UNIX utilities.

Additional UNIX Commands. 222 Lecture Overview  Multiple commands and job control  More useful UNIX utilities.
UNIX Commands. Why UNIX Commands Are Noninteractive Command may take input from the output of another command (filters). May be scheduled to run at specific.

UNIX Commands. Why UNIX Commands Are Noninteractive Command may take input from the output of another command (filters). May be scheduled to run at specific.
Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.

Oracle 10g Database Administrator: Implementation and Administration Chapter 2 Tools and Architecture.
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?

There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.

Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.

Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.

Similar presentations

Ads by Google