Sudo for dummies?
Joe
josephj at main.nc.us
Wed Jun 8 04:08:43 EDT 2005
Thanks to both of you for the good suggestions. I would like to
narrowit down a bit - just in case.
Joe
John Seth wrote:
> If you only want a few commands to be run as root using sudo, and only
> from a specific machine, try this specifying those commands... ie:
>
> username machinename = (root) /usr/sbin/apachectl, /path/to/command
>
> This way you see what's specifying what... The username you want to
> allow running priviliged commands comes first, followed by the name of
> the machine... if you run your own domain/hosting it may be something
> like "machinename.domain.com". Then follow it with an = sign and root
> in paren's (tells sudo which user to run as). Lastly, follow up with
> a comma separated list of commands that you want the user to be
> allowed to run as root.
>
> Depending on your preferred level of security, you can do as Dustin
> mentioned which will allow anyone to log into your computer from any
> host and run any command as root, or narrow it down to your liking.
>
> I hope that helps to clarify the seemingly complex sudoers file :) And
> be sure to edit/update the sudoers file using the 'visudo' command.
> It works just like vim/vi (to exit w/o saving use ":q!" and to exit
> and save, use ":wq").
>
> -- Tony Evans
>
>
>
>
> Dustin Reiner wrote:
>
>> run visudo as root, and add the following below the line that reads
>>
>> root ALL=(ALL) ALL
>>
>> <username> ALL=(ALL) ALL
>>
>> where <username> is the user you want to have sudo access. This
>> basically says allow <username> to run all commands from all machines
>> as all users (or in other words, do anything). Then to run any
>> command, just use sudo before it. I.E.
>> sudo service httpd start
>> This gives your user the capability to do anything as root without
>> actually logging in as root.
>>
>> -Dustin
>> On 6/7/05, Joe <josephj at main.nc.us> wrote:
>>
>>> Hi. I have a few priviledged commands I would like to be able to
>>> run as
>>> a user without using su.
>>> For the most part, I could put them all (or symlinks to them) in one
>>> protected directory.
>>>
>>> I just read the man pages for sudo, sudoers, visudo and got overwhelmed
>>> by all the options.
>>>
>>> My machine is basically single user (me and root) and is relatively
>>> physically secure. I'm still running Mandrake 9.1.
>>>
>>> Can someone show me how to set sudo up in a minimal fashion?
>>> It looks like it's not that complicated once you narrow it down to just
>>> a few things to do.
>>>
>>> TIA
>>>
>>> Joe
>>>
>>> --
>>> "If we treat people as they are, we make them worse. If we treat
>>> people as they ought to be, we help them become what they're capable
>>> of becoming." -- Goethe
>>>
>>>
>>>
>>
>>
>>
>>
>
--
"Each of us is put here in this time and this place to personally decide the future of humankind. Did you think you were put here for something less?" -- Chief Arvol Looking Horse
More information about the nflug
mailing list