Page 215 - DCAP602_NETWORK_OPERATING_SYSTEMS_I
P. 215

Unit 11: User Accounts




          other examples                                                                        notes

          You can view a comprehensive list of /etc/sudoers file options by issuing the command man
          sudoers.
          using syslog to track all sudo commands


          All sudo commands are logged in the log file /var/log/messages which can be very helpful in
          determining how user error may have contributed to a problem. All the sudo log entries have the
          word sudo in them, so you can easily get a thread of commands used by using the grep command
          to selectively filter the output accordingly.
          Here is sample output from a user bob failing to enter their correct sudo password when issuing
          a  command,  immediately  followed  by  the  successful  execution  of  the  command  /bin/more
          sudoers.

          [root@bigboy tmp]# grep sudo /var/log/messages
          Nov 18 22:50:30 bigboy sudo(pam_unix)[26812]: authentication failure; logname=bob
          uid=0 euid=0 tty=pts/0 ruser= rhost= user=bob
          Nov 18 22:51:25 bigboy sudo: bob : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/
          bin/more sudoers
          [root@bigboy tmp]#




             Note     It  is  important  to  know  how  to  add  users,  not  just  so  they  can  log  in  to
             our  system.  Most  server  based  applications  usually  run  via  a  dedicated  unprivileged
             user account, for example the MySQL database application runs as user mysql and the
             Apache Web server application runs as user apache. These accounts aren’t always created
             automatically, especially if the software is installed using TAR files.

          Finally, the sudo utility provides a means of dispersing the responsibility of systems management
          to  multiple  users.  You  can  even  give  some  groups  of  users  only  partial  access  to  privileged
          commands depending on their roles in the organization. This makes sudo a valuable part of any
          company’s server administration and security policy.

          11.1.8 user and super user

          Linux puts a lot of power at your fingertips. That’s the best reason to switch to Linux; it’s also
          the most dangerous thing about the system. Linux controls how much power you can use on the
          computer based on your Login ID. It keeps a database of all users, and it keeps track of which
          user owns which files, and which users have permission to view, edit, and execute each file,
          folder or program. An ordinary user will not be able to do really dangerous things, like editing
          the user database, or deleting every file on the system.
          But right now you are logged in as root. You are not just an ordinary user, you are SuperUser.
          (SuperUser is a real Unix term, synonymous with root.) There are no restrictions on your power.
          You have the ability to crash the system and make it otherwise unusable in more ways than you
          can imagine. As a novice it is very easy to make your system completely unusable with a single
          erroneous command. Believe me. I speak from experience. The first weekend after I installed
          Linux, I had to reinstall it FOUR times before I finally got smart and quit destroying it. And I’m a
          pretty savvy guy around computers, so don’t think you’re immune just because you know your
          way around a PC.





                                           LoveLy professionaL university                                   209
   210   211   212   213   214   215   216   217   218   219   220