[NTLUG:Discuss] Using SUDO

Jim Wildman jim at rossberry.com
Sat Dec 29 10:40:34 CST 2001 

At the most basic level....
as root
visudo

copy the line which says
root    ALL=(ALL) ALL

replace root with your user name.  Save and exit.  Exit root.
sudo tail /var/log/maillog
or something.  It should work.  This means that you can run any command
root can.  The one catch is that your path probably doesn't include the
sbin directories, so you either need to add them, or execute commands
with absolute pathnames (/sbin/ifconfig).

This works ok on a single user box.  On a more complex scale, you can
create groups of users, commands, and hosts and only allow certain
commands to be executed with specific options by particular users.  For
instance, I've created perl scripts to kill specific groups of
processes.  Then given sudo privilege to operators on those scripts, not
on kill itself.  So then can do what they need, but no more.  Some
examples are at http://www.rossberry.com/writings/sysadmin.html towards
the bottom.

------------------------------------------------------------------------
Jim Wildman, CISSP                                      jim at rossberry.com
817-308-3868                                     http://www.rossberry.com

On Sat, 29 Dec 2001, Jason Ferguson wrote:

> I've tried man sudo and man sudoers, but they go into so much detail
> that it isnt really geared towards a simple moethod of doing the job.
> 
> Anyhow, here's what I ended up doing (my /etc/sudoers file):
> # sudoers file.
> #
> # This file MUST be edited with the 'visudo' command as root.
> #
> # See the man page for details on how to write a sudoers file.
> #
> 
> # Host alias specification
> 
> # User alias specification
> User_Alias      APTERS = (my user name)
> 
> # Cmnd alias specification
> Cmnd_Alias      APT = /usr/bin/apt-get, /usr/bin/dpkg
> 
> # User privilege specification
> root    ALL=(ALL) ALL
> APTERS  ALL=APT
> 
> Hopefully that will do the job.
> 
> Jason
> 
> On Sat, 2001-12-29 at 09:59, Fred James wrote:
> > Have you tried "man sudo" ?
> > 
> > Jason Ferguson wrote:
> > 
> > > Can anyone give me or point me to a quick reference on using sudo? I've
> > > never learned how to use it, and Im sick of having to su to root to use
> > > apt-get to update my system.
> > > 
> > > Jason
> > > 
> > > 
> > > 
> > 
> > 
> > -- 
> > ...make every program a filter...
> > 
> > 
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> 
>

More information about the Discuss mailing list