sudo

Advice: Use all uppercase for ALIASES in /etc/sudoers, which has to be edited with visudo.

Normal users (users who are not root) have to put sudo in front of the commands listed in /etc/sudoers.

man pages

  • man 5 sudoers

Defaults

  • Defaults editor=/bin/nano
  • Defaults env_reset # Commands are executed with a new, minimal, environment
  • Defaults mail_badpass # Send an e-mail on a failed password attempt
  • Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
  • Defaults timestamp_timeout=120 # After this time the sudoer has to enter his password again

See also man 5 sudoers

Another editor

sudo EDITOR=gedit visudo

Meanings

USER ALL=(ALL:ALL) NOPASSWD:ALL

  • USER: user
  • ALL=: hostname=
  • (ALL:ALL): (owner:group)
  • NOPASSWD: can be omitted
  • ALL: commands including options

%GROUPNAME means group

Implementing sudo

  • Edit /etc/sudoers with visudo
  • Note that these characters must be escaped with a '\' if they are used in command arguments:
    ',' ':' '=' '\'

  • When using sudo, use alias expansion (otherwise sudo ignores your aliases)
    alias sudo='sudo '
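  • Wildcards are allowed. This works: user ALL=(root:ALL) NOPASSWD:/bin/mount * *
    Use them with care: sudo matches the command arguments as one concatenated string, so a * also matches across spaces.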
  • New and changed entries become active only after visudo is closed
  • In paths, make sure there is no trailing /, or write the path in the command exactly as it is written in visudo

Examples

Allow members of group sudo to execute any command on any host

%sudo   ALL=(ALL:ALL) ALL

Open a truecrypt container

How to open a truecrypt container without entering the user or root password.
As root do

visudo

Add to the “User privilege specification”

user Hostname=(root:ALL) NOPASSWD:/usr/bin/truecrypt

Close visudo

Issues

Security

When added to visudo

user     hostname=(root:ALL) NOPASSWD:/bin/chown -R user\:user /var/backups/user

this does not work when used. Probably because of security reasons.
When

user        ALL=(ALL:ALL) ALL

is enabled / added to visudo and

sudo /bin/chown -R user\:user /var/backups/user

is executed the ownership is changed. Reason for the difference is not known by us so far
This works

user     ALL=(root:ALL) NOPASSWD:/bin/chown *\:* *
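
An added example, not part of the original wiki page: a small shell audit that flags the password-less entries quoted on this page whose arguments contain wildcards, the kind of rule that grants more than the single command it was written for. The function names and the sample file are assumptions made up for this example.

```shell
#!/bin/sh
# Added example: audit sudoers text for password-less entries that are broader than one command.
# Limits (assumed for brevity): one command per entry, no line continuations, no aliases.

# Constructed sample built from the entries quoted on this page.
sample_sudoers() {
cat <<'EOF'
# User privilege specification
%sudo   ALL=(ALL:ALL) ALL
user Hostname=(root:ALL) NOPASSWD:/usr/bin/truecrypt
user     hostname=(root:ALL) NOPASSWD:/bin/chown -R user\:user /var/backups/user
user     ALL=(root:ALL) NOPASSWD:/bin/chown *\:* *
user ALL=(root:ALL) NOPASSWD:/bin/mount * *
USER ALL=(ALL:ALL) NOPASSWD:ALL
EOF
}

# Reads sudoers text on stdin, prints "<severity> <line number>: <entry>" per finding.
audit_nopasswd() {
    awk '
    /^[ \t]*#/   { next }                   # skip comments
    /^[ \t]*$/   { next }                   # skip blank lines
    !/NOPASSWD:/ { next }                   # only entries that skip the password
    {
        cmd = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmd)  # keep the command part after the tag
        if (cmd == "ALL") { print "HIGH " NR ": " $0; next }
        n = split(cmd, part, /[ \t]+/)      # part[1] is the command path
        for (i = 2; i <= n; i++)
            if (part[i] ~ /[*?]/) { print "WARN " NR ": " $0; next }
    }'
}

sample_sudoers | audit_nopasswd
```

To audit a real file, run `audit_nopasswd < /etc/sudoers` as root; entries reported as WARN are candidates for being replaced by the exact command line.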

Recover from broken /etc/sudoers

Login as root and do

visudo

and fix /etc/sudoers
If you cannot log in as root, use a live CD to edit /etc/sudoers

Becoming root

sudo su - # In the root environment
sudo -s > /dev/null

Debian Wiki sudo
Sudoers


sudo.txt · Last modified: 23-02-2024 00:43 by wim