Sudo: Difference between revisions
Jump to navigation
Jump to search
(One intermediate revision by the same user not shown) | |||
Line 13: | Line 13: | ||
%wheel ALL=(ALL) ALL | %wheel ALL=(ALL) ALL | ||
## Same thing without a password | ## Same thing without a password | ||
# %wheel ALL=(ALL) NOPASSWD: ALL | # %wheel ALL=(ALL) NOPASSWD: ALL | ||
Line 28: | Line 28: | ||
## Allow users to reboot | ## Allow users to reboot | ||
%users ALL=/sbin/reboot | %users ALL=/sbin/reboot | ||
---- | ---- | ||
Line 37: | Line 34: | ||
%sudo ALL=(ALL:ALL) NOPASSWD:ALL | %sudo ALL=(ALL:ALL) NOPASSWD:ALL | ||
kenneth ALL=(ALL:ALL) NOPASSWD:ALL | kenneth ALL=(ALL:ALL) NOPASSWD:ALL | ||
Note: with or without space after nopassword works | |||
== Other Examples == | == Other Examples == |
Latest revision as of 18:20, 16 July 2024
sudo
Edit Sudo Config
visudo
Sudo Config
## Allow root to run any commands anywhere root ALL=(ALL) ALL
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the ## cdrom as root # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now
## Allow user to restart apache # minecraft ALL=/sbin/service httpd restart
## Allow users to reboot %users ALL=/sbin/reboot
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) NOPASSWD:ALL kenneth ALL=(ALL:ALL) NOPASSWD:ALL
Note: with or without space after nopassword works
Other Examples
apache ALL=NOPASSWD: /var/www/chpasswd ilock ALL=NOPASSWD: /opt/admin/lock, /opt/admin/unlock
Apache Script to Reboot Host
reboot.php:
<?php echo shell_exec("sudo /sbin/reboot"); ?>
visudo:
www-data ALL=NOPASSWD: /sbin/reboot
ref: [1]
Sudo Voodoo
Usage:
sudo <command> sudo -u <user> <command>
List commands and privileges available to the current user:
sudo -l
Edit /etc/sudoers with visudo:
Username Hosts=(Usernames or UIDs)) Commands
Example:
# User privilege specification root ALL=(ALL) ALL %admin ALL=(ALL) ALL strike ALL=(ALL) NOPASSWD:ALL # Uncomment to allow people in group wheel to run all commands %wheel ALL=(ALL) ALL
Forgot Sudo?
You can use '!!' to recall the last command (that failed)
$ rm -rf /home/user1 Permission Denied! $ sudo !!
Source: Forgetting Sudo (we've all done it) | Linux Journal
Issues
sudo: sorry, you must have a tty to run sudo
If you try to run sudo in a batch program you may get this error. Simply comment out the following line in 'visudo':
#Default requiretty
keywords
sudo visudo