By default, this is the root account. This prevents using user paths which may be harmful. This means that our root user can run any command using sudo, as long as they provide their password. The next two lines are similar to the user privilege lines, but they specify sudo rules for groups. Here, we see the admin group can execute any command as any user on any host.
Similarly, the sudo group has the same privileges, but can execute as any group as well. It does begin with a , which usually indicates a comment. This is mainly meant for applications to alter sudo privileges upon installation.
The syntax for editing these files would be: The most common operation that users want to accomplish when managing sudo permissions is to grant a new user general sudo access. This is useful if you want to give an account full administrative access to the system. The easiest way of doing this on a system set up with a general purpose administration group, like the Ubuntu system in this guide, is actually to add the user in question to that group. For example, on Ubuntu We can grant a user these same privileges by adding them to the group like this:
Group names must start with a capital letter. Just keep in mind that later rules will override earlier rules when there is a conflict between the two. There are a number of ways that you can achieve more control over how sudo reacts to a call. The updatedb command associated with the mlocate package is relatively harmless on a single-user system. If we want to allow users to execute it with root privileges without having to type a password, we can make a rule like this:
For example, some programs, like less, can spawn other commands by typing this from within their interface: This basically executes any command the user gives it with the same permissions that less is running under, which can be quite dangerous. There are a few more pieces of information that may be useful when dealing with sudo. For convenience, by default, sudo will save your authentication details for a certain amount of time in one terminal. For security purposes, if you wish to clear this timer when you are done running administrative commands, you can run:
You will be prompted for your password, which will be cached for later sudo uses until the sudo time frame expires. This gives you a good idea of what you will or will not be allowed to do with sudo as any user. There are many times when you will execute a command and it will fail because you forgot to preface it with sudo.
The double exclamation point will repeat the last command. We preceded it with sudo to quickly change the unprivileged command to a privileged command. This will cause sudo to return a silly insult when a user types in an incorrect password for sudo.

Group administrators — Group members listed here in a comma-delimited list can add or remove group members using the gpasswd command.

Group members — Group members listed here in a comma-delimited list are regular, non-administrative members of the group.
This line shows that the general group has no password and does not allow non-members to join using the newgrp command. In addition, shelley is a group administrator, and juan and bob are regular, non-administrative members. Since editing these files manually raises the potential for syntax errors, it is recommended that the applications provided with Red Hat Enterprise Linux for this purpose be used instead.
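An added example, not part of the original page: a short Python audit of gshadow-format entries that reports groups joinable by password through newgrp and groups whose membership is delegated to gpasswd administrators. The sample entries and every function name are constructed for illustration; the first entry is built to match the general group described above.

```python
from typing import NamedTuple

# Constructed sample in gshadow format: name:password:admins:members
SAMPLE = """\
general:!!:shelley:juan,bob
staff::alice:
projects:$6$CONSTRUCTEDSALT$constructedhash::carol
broken:line
"""

class Entry(NamedTuple):
    name: str
    password: str
    admins: list
    members: list

def password_state(entry):
    if entry.password[:1] in ("!", "*"):
        return "locked"  # not a valid hash: newgrp by password cannot succeed
    # empty: only members hold the group's rights; set: the password admits non-members
    return "set" if entry.password else "empty"

def parse_gshadow(text):
    """Return (entries, malformed); malformed holds 1-based line numbers."""
    entries, malformed = [], []
    split = lambda field: [user for user in field.split(",") if user]
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if len(fields) != 4 or not fields[0]:
            if line.strip():  # blank lines are skipped, not reported
                malformed.append(lineno)
            continue
        name, password, admins, members = fields
        entries.append(Entry(name, password, split(admins), split(members)))
    return entries, malformed

def audit(text):
    """Flag password-joinable groups, delegated administrators and bad lines."""
    entries, malformed = parse_gshadow(text)
    findings = [f"line {n}: malformed entry" for n in malformed]
    for e in entries:
        if password_state(e) == "set":
            findings.append(f"{e.name}: password set, non-members can join via newgrp")
        if e.admins:
            findings.append(f"{e.name}: gpasswd rights delegated to {', '.join(e.admins)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Reading the real file requires root, so run an audit like this with sudo against a copy rather than loosening the file's permissions.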
Security is improved because general users cannot read. You can also output a list of groups by specifying the option "group" for the "getent" command. It will also display groups registered in LDAP.

Notes: Users can belong to more than one group. When a user creates a file, the user's primary group is set as the file's group.

Notes: To set the group password, use the gpasswd command.