Sudo
sudo
Edit Sudo Config
visudo
Sudo Config
## Allow root to run any commands anywhere root ALL=(ALL) ALL
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the ## cdrom as root # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now
## Allow user to restart apache # minecraft ALL=/sbin/service httpd restart
## Allow users to reboot %users ALL=/sbin/reboot
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) NOPASSWD:ALL kenneth ALL=(ALL:ALL) NOPASSWD:ALL
Note: with or without space after nopassword works
Other Examples
apache ALL=NOPASSWD: /var/www/chpasswd ilock ALL=NOPASSWD: /opt/admin/lock, /opt/admin/unlock
Apache Script to Reboot Host
reboot.php:
<?php
echo shell_exec("sudo /sbin/reboot");
?>
visudo:
www-data ALL=NOPASSWD: /sbin/reboot
ref: [1]
Sudo Voodoo
Usage:
sudo <command> sudo -u <user> <command>
List commands and privileges available to the current user:
sudo -l
Edit /etc/sudoers with visudo:
Username Hosts=(Usernames or UIDs)) Commands
Example:
# User privilege specification root ALL=(ALL) ALL %admin ALL=(ALL) ALL strike ALL=(ALL) NOPASSWD:ALL # Uncomment to allow people in group wheel to run all commands %wheel ALL=(ALL) ALL
Forgot Sudo?
You can use '!!' to recall the last command (that failed)
$ rm -rf /home/user1 Permission Denied! $ sudo !!
Source: Forgetting Sudo (we've all done it) | Linux Journal
Issues
sudo: sorry, you must have a tty to run sudo
If you try to run sudo in a batch program you may get this error. Simply comment out the following line in 'visudo':
#Default requiretty
keywords
sudo visudo