Wednesday, January 5, 2011

Sudo How to ..?

Sudo (superuser do) allows a system administrator to work using his own account and switch to root or other user identity available on the system only for commands that need it.



Here i have added four users ashish, akshay, agent and mach for this tutorial to make them sudo users.

Log File for Sudo :

/var/log/messages

SUDO file:

/etc/sudoers

What we will do here:

1. User "ashish" will have access of all commands as root, but with password.
2. User "akshay" will have access of all commands as root, but without password.
3. User "agent" will have limited access of network service, but with password.
4. User "mach" will have limited access of adding users & setting password for them, with password.


To Set sudo users,

#visudo

To set access for Users "Ashish" and "Akshay" add entry as below after "root    ALL=(ALL)       ALL",

ashish  ALL=(ALL)       ALL
akshay  ALL=(ALL)       NOPASSWD: ALL

To set Network service access for user "agent" with Password,

  User_Alias NETSERVICE=agent
Cmnd_Alias NETSERVICE_CMDS=/etc/init.d/network
NETSERVICE ALL=NETSERVICE_CMDS

To give access to user "mach" for two commands "useradd" and "passwd" with passwd

User_Alias LOGIN=mach
Cmnd_Alias LOGIN_CMDS=/usr/sbin/useradd, /usr/bin/passwd
LOGIN ALL=LOGIN_CMDS


Now login with each user & verify .


You will notice here :

1. User "ashish" will have full command access with below syntex, Login with User "ashish";

$sudo fdisk -l

It'll ask for password & show you result.


2. User "akshay" will have full command access with below syntex, Login with User "akshay";

$sudo fdisk -l

It'll not ask you any password & directly show you results.


3. User "agent" will have only network service access with below syntex, Login with User "agent";

$sudo /etc/init.d/network restart {You can also use "start, stop, status" options}

It'll ask for password & show you result.


4. User "mach" will have access for two commands "useradd & passwd" with below syntex, Login with User "mach";

$sudo useradd User1 {Can add User}

$sudo passwd User1 {Can set password for any user}

It'll ask for password & show you result.



_Enjoy  :)

No comments:

Post a Comment