Linux sudo command

The Linux sudo command allows a user to execute a command as another user. All sudo configuration is stored in /etc/sudoers. You can assign a specific command to a user from a specific host.

Open your /etc/sudoers file and

Syntax : <USER> <MACHINE> = <(RUN AS USER)> <COMMAND>

Let's see an example and edit our sudoers file.

zolan 192.168.10.205 = (admin) /sbin/fdisk

Here zolan can run the fdisk command from 192.168.10.205 as the admin user.

[zolan@sector19 ~]$ sudo -u admin fdisk -l

We are running the 'fdisk -l' command as the admin user.

Let's see some more.

zolan ALL=(ALL) ALL

In this example user zolan is permitted to run any command on the system as any user, including root. If you do not specify a user, the default is root.

[zolan@sector19 ~]$ sudo fdisk -l

If you don't want to enter the password every time you run a sudo command, you can specify NOPASSWD in the sudoers file.

zolan ALL=(ALL) NOPASSWD:ALL

# Rather than specifying a user name we can specify a group name instead. Here we have admingroup, and all members of admingroup can run the command 'fdisk -l'.

%admingroup ALL = (ALL) /sbin/fdisk

Let's see a real-world example.

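# Alias names must start with an uppercase letter and may contain only
# uppercase letters, digits and underscores.

# Machines
Host_Alias ADMIN_PC = 192.168.10.1, 192.168.10.2

Host_Alias USER_PC = 192.168.10.11, 192.168.10.12

# Users that commands may be run as
Runas_Alias RUNAS_USER = wheel, httpd, ftp

# Commands (no trailing comma after the last entry)
Cmnd_Alias NETWORKS_CMD = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /sbin/iptables

Cmnd_Alias GENERAL_CMD = /sbin/lsusb, /sbin/lspci, /sbin/mount.nfs

# Users
User_Alias ADMINS = zolan, vaibhav

User_Alias USERS = jack, jil, mac

# Rules: <USER> <MACHINE> = <(RUN AS USER)> <COMMAND>
ADMINS ADMIN_PC = (RUNAS_USER) NETWORKS_CMD

USERS USER_PC = (RUNAS_USER) GENERAL_CMD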

In the above example we have created aliases for users, run-as users, machine IPs and commands. This way we can manage permissions on a large scale.
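
The rule syntax above can be checked mechanically. The following is an added example, not part of the original page: a small Python audit that parses entries in the <USER> <MACHINE> = <(RUN AS USER)> <COMMAND> form, expands Cmnd_Alias names, and reports rules that grant ALL commands or use NOPASSWD, plus alias names that sudo would reject. The function names and the sample entries are assumptions made for illustration; line continuations and include directives are not handled.

```python
import re

# Constructed sample in the page's syntax; not taken from a real system.
SAMPLE = """\
Host_Alias user-pc = 192.168.10.11, 192.168.10.12
Cmnd_Alias NETWORKS_CMD = /sbin/route, /sbin/ifconfig
User_Alias ADMINS = zolan, vaibhav
ADMINS ALL = (root) NETWORKS_CMD
zolan ALL=(ALL) NOPASSWD:ALL
%admingroup ALL = (ALL) /sbin/fdisk
jack ALL=(ALL) ALL
"""

ALIAS = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+(\S+?)\s*=\s*(.+)$")
# USER HOST = (RUN AS USER) COMMAND; the run-as part is optional.
RULE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def items(text):
    return [i.strip() for i in text.split(",") if i.strip()]

def audit(text):
    """Return (line number, finding) pairs for risky or malformed entries."""
    aliases, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS.match(line)
        if m:
            name, members = m.groups()
            # sudoers alias names: uppercase letters, digits and underscores only
            if not re.fullmatch(r"[A-Z][A-Z0-9_]*", name):
                findings.append((n, "invalid alias name " + name))
            aliases[name] = items(members)
            continue
        m = RULE.match(line)
        if not m:
            findings.append((n, "unparsed line"))
            continue
        who, _host, runas, cmds = m.groups()
        nopasswd = "NOPASSWD:" in cmds
        # Expand Cmnd_Alias names so an ALL hidden behind an alias is still seen.
        cmds = [c for i in items(cmds.replace("NOPASSWD:", "")) for c in aliases.get(i, [i])]
        if "ALL" in cmds:
            how = "without a password" if nopasswd else "with a password"
            findings.append((n, f"{who} may run any command as {runas or 'root'} {how}"))
        elif nopasswd:
            findings.append((n, f"{who} skips the password for {', '.join(cmds)}"))
    return findings
```

Calling audit(SAMPLE) returns one finding per flagged line; rules limited to named commands with a password, such as the %admingroup entry, produce none.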
