From: Peter Hanke on
As you know a "normal" (=non-root) user can perform a "sudo" command.
He is asked for his password and can execute the following command with root privileges.

But where can I (as root) define which users are allowed to perform a "sudo" ?

As far as I heard there is a file called "sudoers" in which I can define these users.
Where is this sudoers file and does this apply to all Unix systems (redhat, debian based, resp Solaris) ?

Can I define here restrictions (finer granularity) which commands a user "karl" can execute
with "sudo" and which not?
Or is this an all-or-nothing permission?

How do I do this?

Peter

From: Chris Davies on
Peter Hanke <peter_ha(a)andres.net> wrote:
> As you know a "normal" (=non-root) user can perform a "sudo" command.

Um, provided the sudo package is installed and that user is configured
to be able to use the facility, yes.


> But where can I (as root) define which users are allowed to perform a
> "sudo" ?

> Where is this sudoers file and does this apply to all Unix systems
> (redhat, debian based, resp Solaris) ?

You'll find the file /etc/sudoers on most systems that support sudo. On
some (usually non-Linux) systems it might be there, or in /usr/local/etc,
or even somewhere under /opt. Solaris doesn't always have sudo installed;
you might have to grab it from sunfreeware.com.

Many systems provide "visudo" as a command to edit the sudoers file,
with post-edit syntax checking. I'd strongly recommend you use this
command since sudo "fails safe" and won't run at all if there's an error
in the file. Oh, and have a root shell open elsewhere before you start
editing, with a copy of the sudoers file safely stashed away as a backup.


> Can I define here restrictions (finer granularity) which commands a user
> "karl" can execute with "sudo" and which not?

You can have fine-grained granularity. "man sudoers" for details,
or ask here for specifics since it's not the most intuitive of file
configuration schemes.

Chris
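
The check-before-it-goes-live workflow from the reply above, applied to a restricted rule for "karl", as an added example that is not part of the original thread. The command paths, the alias name KARL_CMDS, the staging file location and the VISUDO override variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: stage a per-command rule for user "karl" and syntax-check it
# with "visudo -c -f" before anything is merged into the live sudoers file.

# Syntax checker to call. Overridable so the logic can be exercised on a
# machine without sudo installed (assumption, not a sudo feature).
VISUDO="${VISUDO:-visudo}"

# Write the candidate rules to the file named in $1.
write_karl_rules() {
    rm -f "$1"
    cat > "$1" <<'EOF'
# karl may run only the commands in KARL_CMDS as root (illustrative paths).
# Commands need full paths; where arguments are given, they must match exactly.
Cmnd_Alias KARL_CMDS = /etc/init.d/apache2 restart, /usr/bin/tail /var/log/syslog
karl ALL = (root) KARL_CMDS
EOF
}

# Return 0 only if the checker accepts the file named in $1.
check_rules() {
    "$VISUDO" -c -f "$1" >/dev/null 2>&1
}

# Stage the rules in $1. Returns 0 if they parse, 1 if the checker rejects
# them (the candidate is deleted), 2 if the file could not be written.
stage_rules() {
    candidate=$1
    write_karl_rules "$candidate" || return 2
    chmod 0440 "$candidate"
    if check_rules "$candidate"; then
        echo "OK: $candidate parses; merge it into sudoers with visudo"
        return 0
    fi
    echo "REJECTED: $candidate has a syntax error; live sudoers untouched" >&2
    rm -f "$candidate"
    return 1
}
```

With these rules `sudo -l -U karl`, run as root, lists only the two commands, and any other `sudo` invocation by karl is refused.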