Sudo: Difference between revisions

From Omnia
Jump to navigation Jump to search
 
Line 13: Line 13:
  %wheel  ALL=(ALL)      ALL
  %wheel  ALL=(ALL)      ALL


  ## Same thing without a password
  ## Same thing without a password (with or without space works)
  # %wheel        ALL=(ALL)      NOPASSWD: ALL
  # %wheel        ALL=(ALL)      NOPASSWD: ALL


Line 28: Line 28:
  ## Allow users to reboot
  ## Allow users to reboot
  %users ALL=/sbin/reboot
  %users ALL=/sbin/reboot
## Super user
kenneth        ALL=(ALL:ALL)      NOPASSWD:ALL


----
----

Revision as of 18:19, 16 July 2024

sudo

Edit Sudo Config

visudo

Sudo Config

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password (with or without space works)
# %wheel        ALL=(ALL)       NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
## Allow user to restart apache
# minecraft  ALL=/sbin/service httpd restart
## Allow users to reboot
%users	ALL=/sbin/reboot
## Super user
kenneth        ALL=(ALL:ALL)       NOPASSWD:ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
kenneth ALL=(ALL:ALL) NOPASSWD:ALL

Other Examples

apache	ALL=NOPASSWD: /var/www/chpasswd

ilock	ALL=NOPASSWD: /opt/admin/lock, /opt/admin/unlock

Apache Script to Reboot Host

reboot.php:

<?php
echo shell_exec("sudo /sbin/reboot");
?>

visudo:

www-data ALL=NOPASSWD: /sbin/reboot

ref: [1]

Sudo Voodoo

Sudo Voodoo

Usage:

sudo <command>
sudo -u <user> <command>

List commands and privileges available to the current user:

sudo -l

Edit /etc/sudoers with visudo:

Username    Hosts=(Usernames or UIDs)) Commands 

Example:

# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
strike  ALL=(ALL) NOPASSWD:ALL

# Uncomment to allow people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL

Forgot Sudo?

You can use '!!' to recall the last command (that failed)

$ rm -rf /home/user1
  Permission Denied!
$ sudo !!

Source: Forgetting Sudo (we've all done it) | Linux Journal

Issues

sudo: sorry, you must have a tty to run sudo

If you try to run sudo in a batch program you may get this error. Simply comment out the following line in 'visudo':

#Default requiretty

keywords

sudo visudo