A multi-user system is a Linux computer which is used by other persons besides you. If you run such a multi-user system, you probably know that users sometimes need to run certain commands as root. Of course, you can't just give them the root password so wouldn't it be nice to allow particular users to run certain commands that require root privileges without having to tell them the root password? There's a well-known tool which will solve this problem, called
sudo.
sudo (
SUperuser
DO) is a tool for Unix-like operating systems that allows normal users to run programs with the security privileges of the system's superuser in a secure manner. Users will have to confirm their identity to sudo by typing-in their password before running the target program. However, which users are allowed to use sudo, what commands are they allowed to execute, as well as other related settings can be configured through the /etc/sudoers file.
The /etc/sudoers content will differ from distribution to distribution
but the structure, however, will most likely be the same in all distributions. The default sudoers file will look like this:
CODE
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults
# User privilege specification
root ALL=(ALL) ALL
- Take for example the /sbin/shutdown command: by default, you won't be able to execute it unless you have root privileges. In order to allow a local user (I'll use softpedia as the example user) to shut down the computer, you'll have to define the alias which represents the shutdown command by adding this line in the
Cmnd alias section:
CODE
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
- Then, in the
User privilege section, you'll have to add the line:
CODE
# User privilege specification
softpedia ALL = SHUTDOWN
- Now, the user softpedia will be able to shutdown the computer by using the command:
# sudo shutdown -h now
- The sudo program will prompt users for their own password (not the root's) before executing the command. If you wish to setup sudo for not prompting users for any password, edit the line in the
User privilege section to look like this:
CODE
softpedia ALL = NOPASSWD: SHUTDOWN
: This will allow the specified user to run any command as root, without having to use su, sudo or constantly type in his or the root password.
- First, add the
OWNER alias by adding the following lines in the
User alias and
User privilege sections of /etc/sudoers file:
CODE
# User alias specification
User_Alias OWNER = softpedia
# User privilege specification
OWNER ALL = NOPASSWD: ALL
- You can define a group of people who are allowed to perform certain administration commands which require root privileges. This can be achieved by adding the following lines in the
User alias,
Cmnd alias and
User privilege sections:
CODE
# User alias specification
User_Alias ADMINS = softpedia,john,david
# Cmnd alias specification
Cmnd_Alias UPDATE = /usr/bin/yum
Cmnd_Alias REBOOT = /usr/bin/reboot
# User privilege specification
ADMINS ALL = UPDATE, REBOOT
- This example will allow the user softpedia, john and david to periodically update the system through
yum and reboot it after the update is complete. Of course, you can define other commands and other users, but keep the same structure. All commands defined can be executed by those users without having the root password.
- The commands are fully logged via syslog.
MORE RELATED ARTICLES: 
Installing NTFS Write Support on Fedora/Ubuntu Setting Up a SHOUTcast Server DSP Plug-In Apache VirtualHosting Guide Building Your Own IRC Server with Services Resetting a Forgotten Root Password How to Setup a Free Backup Solution for MySQL How to Get Connected to the IPv6 Internet
Digg this!
Slashdot it!
Add to del.icio.us
Stumble!
Submit to Reddit
Add to Technorati
Furl
PDF
SHARE YOUR OPINION ABOUT 
DO YOU WANT TO CONTACT US?