Page 217 - DCAP602_NETWORK_OPERATING_SYSTEMS_I

Unit 11: User Accounts




          You need to use the sudo command, which is used to execute a command as another user. It allows
          a permitted user to execute a command as the superuser or another user, as specified in the
          /etc/sudoers file (the configuration file that defines who can run what). The sudo command
          allows users to do tasks on a Linux system as another user.
          sudo command


          sudo is more secure than the su command. By default it logs sudo usage, command and
          arguments in /var/log/secure (Red Hat / Fedora / CentOS Linux) or /var/log/auth.log (Ubuntu
          / Debian Linux).

          If the invoking user is root or if the target user is the same as the invoking user, no password
          is required. Otherwise, sudo requires that users authenticate themselves with a password by
          default. Once a user has been authenticated, a timestamp is updated and the user may then use
          sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

          /etc/sudoers syntax

          The following is the general syntax used by the /etc/sudoers file:
          USER HOSTNAME=COMMAND
          Where,

          1.   USER: Name of normal user
          2.   HOSTNAME: Where command is allowed to run. It is the hostname of the system where
               this rule applies. sudo is designed so you can use one sudoers file on all of your systems.
               This space allows you to set per-host rules.
          3.   COMMAND: A simple filename allows the user to run the command with any arguments
               he/she wishes. However, you may also specify command line arguments (including
               wildcards). Alternatively, you can specify "" to indicate that the command may only be run
               without command line arguments.

          How do I use sudo?

          Give user rokcy access to the halt/shutdown command and to restart the Apache web server.
          First, log in as the root user. Use the visudo command to edit the config file:

          # visudo
          Append the following lines to the file:

          rokcy localhost=/sbin/halt
          rokcy dbserver=/etc/init.d/apache-perl restart
          Save and close the file. Now the rokcy user can restart the Apache web server by typing the
          following command:

          $ sudo /etc/init.d/apache-perl restart
          Output:

          Password:
          Restarting apache-perl 1.3 web server....
          The sudo command has logged the attempt to the log file /var/log/secure or /var/log/auth.log:
          # tail -f /var/log/auth.log
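
          To review what the log records rather than only tailing it, the following added example (not part of the original text) parses sudo entries and lists the attempts that sudo refused. The log lines are constructed samples in the format sudo writes through syslog, and the function and field names are this example's own.

```python
import re

# Constructed sample in sudo's syslog format (illustrative, not real log data).
SAMPLE_LOG = """\
Mar  3 10:15:02 dbserver sudo:    rokcy : TTY=pts/0 ; PWD=/home/rokcy ; USER=root ; COMMAND=/etc/init.d/apache-perl restart
Mar  3 10:16:40 dbserver sudo:    rokcy : command not allowed ; TTY=pts/0 ; PWD=/home/rokcy ; USER=root ; COMMAND=/sbin/halt
Mar  3 10:17:05 dbserver sudo:    rokcy : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/rokcy ; USER=root ; COMMAND=/bin/su -
Mar  3 10:18:11 dbserver sshd[912]: Accepted password for rokcy from 192.0.2.10 port 50122 ssh2
Mar  3 10:19:30 dbserver sudo: pam_unix(sudo:session): session opened for user root by rokcy(uid=0)
"""

# "<timestamp> <host> sudo: <invoking user> : <fields separated by ' ; '>"
LINE_RE = re.compile(
    r"^(?P<time>.*?) (?P<host>\S+) sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$"
)
# USER= is the target account; rename it so it cannot clash with the invoker.
RENAME = {"USER": "run_as"}


def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND= is always last and may itself contain ' ; ', so split it off first.
    head, sep, command = m["body"].partition("COMMAND=")
    if not sep:
        return None
    event = {"time": m["time"], "host": m["host"], "user": m["user"],
             "command": command, "status": "allowed"}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            event[RENAME.get(key, key.lower())] = value
        else:
            # Free text ahead of the KEY=value fields is sudo's refusal reason.
            event["status"] = part
    return event


def refused(log_text):
    """List (user, host, status, command) for every refused sudo attempt."""
    events = filter(None, map(parse_sudo_line, log_text.splitlines()))
    return [(e["user"], e["host"], e["status"], e["command"])
            for e in events if e["status"] != "allowed"]


if __name__ == "__main__":
    for row in refused(SAMPLE_LOG):
        print(*row, sep=" | ")
```

          In the sample, the refused /sbin/halt on dbserver matches the rules above, which grant rokcy that command on localhost only.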





                                           Lovely Professional University                                   211