Sudo is a concept which is used to
specify a customized privilege commands
to non-privileged users. Sudo is called
super user do. All sudo configuration is located under /etc/sudoers file.
To edit sudo configuration file use visudo command.
Add users using useradd command
#useradd Sradmin1
#useradd jradmin1
#useradd
jradmin2
#useradd
jradmin3
#useradd
jradmin4
--> Assign the passwords using
passwd command.
--> Open sudo configuration.
#visudo -f /etc/sudoers
In any where type (Root access to Sradmin1)
Sradmin1 All = (All) All
where
sradmin1 = Name of user to be allowed to use
sudo
All = Allow sudo access from any terminal (any
Machine)
(All) = Allow sudo
command to be executed as any user.
ALL =
Allow all commands to be executed.
--> Sudo access to a group (group
name is “admins”)
%admins All = (All) ALL
Note:
always group should be have % symbol.
Where
admins --> name of group to be allowed
to use sudo.
All -->
Allow sudo access from any Machine
(All) -->
Allow sudo command to be executed as any user.
ALL -->
Allow all commands to be executed
Eg:-
1.
user level:
#visudo -f /etc/sudoers
jradmin1 All = /usr/sbin/useradd, /usr/sbin/userdel
:wq (save & quit)
check it
# su - jradmin1
$
sudo /usr/sbin/useradd Mahesh1
(give full path of command)
To check the user
# vim
/etc/passwd
Then delete the user
$ sudo /usr/sbin/userdel -r Mahesh1
Eg:-
2.
Group – level
#groupadd admins
#useradd
-g admins jradmin5
#useradd
-g admins jradmins6
#visudo -f /etc/sudoers
Write any where in this
configuration file
% admins ALL =
/user/sbin/usermod
: wq (save & quit)
Check it
#su - jradmins
$sudo
/usr/sbin/usermod -g admins jradmin4
Here modify user jradmin4 group to admins.
In sudo configuration
Aliases are there
i. user
alias
ii. command alias
#visudo -f /etc/sudoers
Then write any where
user _alias JRADMIN = jradmin2,
jradmin3
cmnd-alias USERADMIN =
/usr/sbin/useradd, /usr/sbin/userdel
JRADMIN ALL = USERADMIN
: wq (save & quit)
Here jradmin2 and jradmin3
are access useradd and userdel commands.
Check it
#su - jradmin3
$sudo /usr/sbin/useradd Mahesh
To check the user
$ tail -5 /etc/passwd
No comments:
Post a Comment