Page 213 - DCAP602_NETWORK_OPERATING_SYSTEMS_I

Unit 11: User Accounts







              Task    “It is not recommended that you use any other editor to modify your sudo
             parameters because the sudoers file isn’t located in the same directory on all versions of
             Linux.” Comment

          The /etc/sudoers File


          The /etc/sudoers file contains all the configuration and permission parameters needed for sudo
          to work. There are a number of guidelines that need to be followed when editing it with visudo.

          General /etc/sudoers Guidelines

          There are some general guidelines when editing this file:
          1.   Groups are the same as user groups and are differentiated from regular users by a % at the
               beginning. The Linux user group “users” would be represented by %users.
          2.   You can have multiple usernames per line separated by commas.

          3.   Multiple commands also can be separated by commas. Spaces are considered part of the
               command.
          4.   The keyword ALL can mean all usernames, groups, commands and servers.

          5.   If you run out of space on a line, you can end it with a backslash (\) and continue on the
               next line.
          6.   sudo assumes that the sudoers file will be used network wide, and therefore offers the
               option to specify the names of servers which will be using it in the servername
               position. In most cases, the file is used by only one server and the keyword ALL suffices
               for the server name.
          7.   The NOPASSWD keyword provides access without prompting for your password.

                 Example: This section presents some simple examples of how to do many commonly
          required tasks using the sudo utility.

          Granting all Access to Specific Users

          You can grant users bob and bunny full access to all privileged commands with this sudoers
          entry:


          bob, bunny  ALL=(ALL) ALL
          This is generally not a good idea because this allows bob and bunny to use the su command to
          grant themselves permanent root privileges thereby bypassing the command logging features of
          sudo. The example on using aliases in the sudoers file shows how to eliminate this prob

          Granting Access to Specific Users to Specific Files

          This entry allows user peter and all the members of the group operator to gain access to all the
          program files in the /sbin and /usr/sbin directories, plus the privilege of running the command
          /usr/local/apps/check.pl. Notice how the trailing slash (/) is required to specify a directory
          location:

          peter, %operator ALL= /sbin/, /usr/sbin/, /usr/local/apps/check.pl
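
          The following audit script is an added example, not part of the original text. It reads sudoers
          user entries written according to the guidelines above and reports the risks this page names:
          an ALL command grant, a directory listed without its trailing slash, and NOPASSWD. It assumes
          the input holds only user entries (no aliases or Defaults lines); the sample entries, the
          "backup" user and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample: the page's two entries, one mistyped directory, one NOPASSWD rule.
SAMPLE = """\
bob, bunny  ALL=(ALL) ALL
peter, %operator ALL= /sbin/, /usr/sbin, \\
    /usr/local/apps/check.pl
backup ALL= NOPASSWD: /usr/local/apps/check.pl
"""

def logical_lines(text):
    """Join backslash-continued lines (guideline 5); skip blanks and comments."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            yield line

def parse_spec(line):
    """Split 'users host = (runas) [TAG:] cmd, cmd' into its parts."""
    left, right = line.split("=", 1)
    users, host = left.rsplit(None, 1)
    runas = re.match(r"\s*\(([^)]*)\)\s*", right)
    if runas:
        right = right[runas.end():]
    cmds, nopasswd = [], False
    for item in (c.strip() for c in right.split(",")):
        tag = re.match(r"(NOPASSWD|PASSWD):\s*", item)
        if tag:  # a tag stays in force for the commands that follow it
            nopasswd, item = tag.group(1) == "NOPASSWD", item[tag.end():]
        cmds.append((item, nopasswd))
    return [u.strip() for u in users.split(",")], host, cmds

def audit(text, is_dir=os.path.isdir):
    """Return (who, issue, command) findings for the risks this page points out."""
    findings = []
    for line in logical_lines(text):
        users, _host, cmds = parse_spec(line)
        who = ",".join(users)
        for cmd, nopasswd in cmds:
            if cmd == "ALL":
                findings.append((who, "all-commands", cmd))
            elif not cmd.endswith("/") and is_dir(cmd):
                findings.append((who, "dir-without-slash", cmd))
            if nopasswd:
                findings.append((who, "nopasswd", cmd))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

          A path flagged as dir-without-slash is matched by sudo as a single command rather than as a
          directory, so the entry does not grant what its author intended.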




                                           Lovely Professional University