Sudo

From Omnia
Revision as of 22:12, 16 October 2023 by Kenneth (talk | contribs) (→‎Sudo Config)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

sudo

Edit Sudo Config

visudo

Sudo Config

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
## Allow user to restart apache
# minecraft  ALL=/sbin/service httpd restart
## Allow users to reboot
%users	ALL=/sbin/reboot

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
kenneth ALL=(ALL:ALL) NOPASSWD:ALL

Other Examples

apache	ALL=NOPASSWD: /var/www/chpasswd

ilock	ALL=NOPASSWD: /opt/admin/lock, /opt/admin/unlock

Apache Script to Reboot Host

reboot.php:

<?php
echo shell_exec("sudo /sbin/reboot");
?>

visudo:

www-data ALL=NOPASSWD: /sbin/reboot

ref: [1]

Sudo Voodoo

Sudo Voodoo

Usage:

sudo <command>
sudo -u <user> <command>

List commands and privileges available to the current user:

sudo -l

Edit /etc/sudoers with visudo:

Username    Hosts=(Usernames or UIDs)) Commands 

Example:

# User privilege specification
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
strike  ALL=(ALL) NOPASSWD:ALL

# Uncomment to allow people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL

Forgot Sudo?

You can use '!!' to recall the last command (that failed)

$ rm -rf /home/user1
  Permission Denied!
$ sudo !!

Source: Forgetting Sudo (we've all done it) | Linux Journal

Issues

sudo: sorry, you must have a tty to run sudo

If you try to run sudo in a batch program you may get this error. Simply comment out the following line in 'visudo':

#Default requiretty

keywords

sudo visudo