sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user (normally the superuser, or root). Its name is a concatenation of the su command (which grants the user a shell of another user, normally the superuser) and "do", or take action.
sudo works under Linux, Mac OS X and all UNIX-like operating systems. It allows you to delegate authority, giving certain users or groups of users the ability to run some commands as root or another user while providing an audit trail of the commands and their arguments via a log file. With sudo you don't have to share the root password with anybody.
Unlike the su command, users typically supply their own password to sudo rather than the root password. After authentication, and if the /etc/sudoers configuration file permits the user access, the system will invoke the requested command.
visudo is a command-line utility that allows editing of the /etc/sudoers file in a safe fashion. It opens /etc/sudoers using the vi editor's interface, prevents multiple simultaneous edits with locks, performs sanity checks and checks for parse errors.
Log in as a normal user and create a new user account.
Creating a user account requires root privilege.
Sudo's main configuration file is /etc/sudoers. Do not edit this file directly with an ordinary editor.
Use the "visudo" utility to edit the file.
Usage /etc/sudoers Syntax
Following is the general syntax used by /etc/sudoers file:
USER HOSTNAME=COMMAND
Where,
§ USER: Name of normal user
§ HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
§ COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify “” to indicate that the command may only be run without command line arguments.
root ALL=(ALL) ALL
senthil1 ALL=Commands ALL
senthil1 ALL=/usr/sbin/useradd, /usr/sbin/userdel
The senthil1 user can execute these two admin commands without the root password.
Log in as a normal user and create a user using "useradd senthil4".
You need to execute the command with "sudo":
$ sudo /usr/sbin/useradd senthil5
Check with the /etc/passwd file.
cat /etc/passwd
If any other user tries to delete the user accounts using sudo ... it will be logged.
sudo logs are stored in the "/var/log/secure" file:
cat /var/log/secure
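
Reading the raw file works, but the sudo entries are mixed in with everything else that logs there. The following added example (not part of the original post) filters the sudo entries and marks each one as allowed or denied. The function names `sample_sudo_log` and `summarize_sudo` are hypothetical, the log lines are constructed samples in the syslog format sudo writes, and any free-text field before `TTY=` is assumed to be the reason sudo rejected the request.

```shell
#!/bin/sh
# Added example. These lines are constructed samples, not real log data.
sample_sudo_log() {
cat <<'EOF'
Jan 12 10:15:01 host1 sudo: senthil1 : TTY=pts/0 ; PWD=/home/senthil1 ; USER=root ; COMMAND=/usr/sbin/useradd senthil5
Jan 12 10:16:40 host1 sudo: senthil2 : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/senthil2 ; USER=root ; COMMAND=/usr/sbin/userdel senthil5
Jan 12 10:17:05 host1 sudo: senthil1 : command not allowed ; TTY=pts/0 ; PWD=/home/senthil1 ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jan 12 10:18:22 host1 sshd[2211]: Accepted password for senthil1 from 192.0.2.10 port 50022 ssh2
Jan 12 10:19:30 host1 sudo: senthil1 : TTY=pts/0 ; PWD=/home/senthil1 ; USER=root ; COMMAND=/usr/sbin/userdel senthil4
EOF
}

# summarize_sudo (hypothetical helper): reads syslog lines on stdin and prints
# one tab-separated record per sudo event:
#   STATUS  invoking-user  target-user  reason  command
summarize_sudo() {
  awk '
  match($0, / sudo(\[[0-9]+\])?: */) {
    msg = substr($0, RSTART + RLENGTH)
    c = index(msg, "COMMAND=")
    if (c == 0) next                 # PAM/session lines carry no command
    cmd  = substr(msg, c + 8)        # keep all arguments, even if they contain ";"
    head = substr(msg, 1, c - 1)
    u = index(head, " : ")
    if (u == 0) next
    user = substr(head, 1, u - 1)
    n = split(substr(head, u + 3), f, / *; */)
    target = "-"; reason = "-"
    for (i = 1; i <= n; i++) {
      if (f[i] ~ /^USER=/)         target = substr(f[i], 6)
      else if (f[i] ~ /^[A-Z_]+=/) continue      # TTY=, PWD= and similar
      else if (f[i] != "")         reason = f[i] # e.g. "user NOT in sudoers"
    }
    status = (reason == "-") ? "ALLOWED" : "DENIED"
    printf "%s\t%s\t%s\t%s\t%s\n", status, user, target, reason, cmd
  }'
}

# Stand-alone run over the constructed sample.
sample_sudo_log | summarize_sudo
```

On a real system, feed the function the contents of /var/log/secure instead of the sample; reading that file normally requires root.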