Thursday, May 29

How SUDO works in Linux (RHEL/CentOS 5 & 6)


 Sudo is a mechanism for granting specific privileged commands to non-privileged users. Sudo stands for "super user do". All sudo configuration is stored in the /etc/sudoers file.

      To edit the sudo configuration file, use the visudo command, which locks the file and checks its syntax before saving.

            Add users using the useradd command

                       
                        #useradd   Sradmin1

                        #useradd   jradmin1

                        #useradd   jradmin2

                        #useradd   jradmin3

                        #useradd   jradmin4

            --> Assign the passwords using the passwd command.

            --> Open the sudo configuration.

                        #visudo  -f  /etc/sudoers

                        Anywhere in the file, add (root access for Sradmin1):

                        Sradmin1     ALL        = (ALL)   ALL

where
            Sradmin1                      = Name of the user allowed to use sudo

              ALL                               = Allow sudo access from any terminal (any machine)

             (ALL)                             = Allow the sudo command to be executed as any user.

              ALL                               = Allow all commands to be executed.

            Note: the keyword ALL must be written in upper case; sudoers is case-sensitive.

--> Sudo access for a group (group name is "admins")

             %admins   ALL   = (ALL)   ALL

            Note: a group name must always be prefixed with the % symbol.

            Where
                    %admins                           --> name of the group allowed to use sudo.

                       ALL                               --> Allow sudo access from any machine

                       (ALL)                             --> Allow the sudo command to be executed as any user.

                       ALL                               --> Allow all commands to be executed

            Eg:-

1.  user level:

                                    #visudo  -f  /etc/sudoers

                                    jradmin1  ALL = /usr/sbin/useradd, /usr/sbin/userdel

                                    :wq (save & quit)

Check it

                        # su - jradmin1

                        $ sudo /usr/sbin/useradd Mahesh1

                                    (give the full path of the command)

  To check the user
                       
                            # vim  /etc/passwd

  Then delete the user

                        $ sudo /usr/sbin/userdel  -r  Mahesh1

           
Eg:-

2.  Group level:

                        #groupadd  admins

                        #useradd  -g admins  jradmin5

                        #useradd  -g admins  jradmins6

                        #visudo  -f  /etc/sudoers

                        Write this anywhere in the configuration file

                        %admins  ALL = /usr/sbin/usermod

                        :wq (save & quit)


  Check it

                        #su - jradmins6

                        $sudo /usr/sbin/usermod  -g  admins  jradmin4

                        This changes the primary group of user jradmin4 to admins.


The sudo configuration also supports aliases:

 i.  user alias              
 ii. command alias

                        #visudo -f /etc/sudoers

                        Then write this anywhere in the file

                        User_Alias  JRADMIN       =  jradmin2, jradmin3

                        Cmnd_Alias  USERADMIN  = /usr/sbin/useradd, /usr/sbin/userdel

                        JRADMIN        ALL            = USERADMIN
                       
                        :wq (save & quit)

            Here jradmin2 and jradmin3 are allowed to run the useradd and userdel commands.

  Check it

                        #su - jradmin3

                        $sudo   /usr/sbin/useradd   Mahesh

            To check the user

                        $ tail -5  /etc/passwd
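
The sudoers entries above are easy to mistype (keyword case, spacing after %, alias keywords, command paths). The following Python sketch is an added example, not part of the original post: it lints sudoers-style rules for those slips and flags rules that grant every command. It uses a simplified grammar; the sample rules are constructed and the list of standard command directories is an assumption.

```python
import re
# Constructed sample: rules as they might be mistyped, each followed by a corrected form.
SAMPLE = """\
Sradmin1   All = (All) All
Sradmin1   ALL = (ALL) ALL
% admins   ALL = /user/sbin/usermod
%admins    ALL = /usr/sbin/usermod
user _alias JRADMIN = jradmin2, jradmin3
User_Alias JRADMIN = jradmin2, jradmin3
Cmnd_Alias USERADMIN = /usr/sbin/useradd, /usr/sbin/userdel
JRADMIN    ALL = USERADMIN
"""
ALIASES = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
# Assumption: delegated commands are expected to live in these root-owned directories.
STD_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")

def lint_line(line):
    """Return findings for one sudoers line (simplified grammar, no line continuations)."""
    text = line.strip()
    if not text or text.startswith(("#", "Defaults")) or "=" not in text:
        return []
    left, right = (part.strip() for part in text.split("=", 1))
    alias = re.match(r"(?i)(user|runas|host|cmnd)\s*[_-]\s*alias\b", left)
    if alias:  # alias definition: only the keyword spelling is checked
        return [] if alias.group(0) in ALIASES else [f"'{alias.group(0)}' is not a valid alias keyword"]
    findings = ["no space is allowed between % and the group name"] if left.startswith("% ") else []
    host = left.split()[-1]
    runas = re.match(r"\(([^)]*)\)\s*(.*)", right)
    runas_user, cmd_text = (runas.group(1).strip(), runas.group(2)) if runas else ("root", right)
    cmds = [re.sub(r"^[A-Z_]+:\s*", "", c.strip()) for c in cmd_text.split(",")]  # drop tags
    bad_case = sorted({w for w in [host, runas_user] + cmds if w.upper() == "ALL" and w != "ALL"})
    findings += [f"'{w}' is not the keyword ALL (sudoers is case-sensitive)" for w in bad_case]
    for cmd in cmds:
        path = cmd.split()[0] if cmd else ""
        if path == "ALL":
            findings.append("grants every command: this account is equivalent to root")
        elif path.startswith("/") and not path.startswith(STD_DIRS):
            findings.append(f"'{path}' is outside the standard command directories")
        elif not path.startswith("/") and path.upper() != "ALL" and not re.fullmatch(r"[A-Z][A-Z0-9_]*", path):
            findings.append(f"'{path}' is neither an absolute path nor a Cmnd_Alias")
    return findings

def audit(text):
    """Return (line number, finding) pairs for every problem found in a sudoers text."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1) for f in lint_line(line)]

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```

This is a review aid only; `visudo -c` remains the authoritative syntax check for the real file.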

