🔐 Linux sudo Command and sudoers File Configuration

The sudo (Superuser Do) command allows authorized users to execute commands with root privileges or another user’s permissions, as defined in the /etc/sudoers file.


📌 1. sudo Command – Run Commands with Elevated Privileges

✅ Basic Usage – Run a Command as Root

sudo ls /root

🔹 Runs ls /root with root privileges.
🔹 You will be prompted for your password.


✅ 1.1 Run a Command as Another User (-u)

sudo -u nikhil whoami

✅ Output

nikhil

🔹 Runs whoami as user nikhil.


✅ 1.2 Execute Multiple Commands (&&)

sudo bash -c "whoami && id"

✅ Output

root
uid=0(root) gid=0(root) groups=0(root)

🔹 Runs multiple commands as root.


✅ 1.3 Open a Root Shell (sudo -s)

sudo -s
whoami

✅ Output

root

🔹 Opens a root shell.


✅ 1.4 Switch to a Root Login Shell (sudo -i)

sudo -i

🔹 Logs in as root, loading root's environment.


✅ 1.5 Run a Command Without Saving It in History

 sudo visudo

🔹 Note the leading space before sudo: Bash leaves the command out of shell history when HISTCONTROL includes ignorespace (or ignoreboth).


📌 2. sudoers File – Configuring User Privileges

To configure who can use sudo and for which commands, edit the /etc/sudoers file using visudo:

sudo visudo

🔹 visudo prevents syntax errors that could lock you out.


✅ 2.1 Grant Full Root Privileges to a User

nikhil ALL=(ALL:ALL) ALL

🔹 nikhil can run any command as any user or group.


✅ 2.2 Allow a User to Run Specific Commands

jaydeep ALL=(ALL) /usr/bin/apt update, /usr/bin/systemctl restart apache2

🔹 jaydeep can only run apt update and restart Apache.


✅ 2.3 Allow a User to Run Commands Without a Password (NOPASSWD)

jaydeep ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2

🔹 jaydeep can restart Apache without a password.


✅ 2.4 Restrict a User to Specific Commands

nikhil ALL=(ALL) /usr/bin/ls, /usr/bin/cat

🔹 nikhil can only run ls and cat with sudo.
🔹 No arguments are listed in the rule, so sudo accepts any arguments to these two commands.


✅ 2.5 Grant a Group (%groupname) Specific Permissions

%developers ALL=(ALL) NOPASSWD: /usr/bin/mkdir, PASSWD: /usr/bin/rm

🔹 The developers group can create directories without a password but must enter a password to delete files.


✅ 2.6 Allow a Web Server User (www-data) to Restart Apache

%www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl restart apache2

🔹 The % prefix makes this a group rule: members of the www-data group, such as web server processes, can restart Apache without a password.


✅ 2.7 Creating Command Aliases for Easier Management

Cmnd_Alias WEB_CMDS = /usr/bin/systemctl restart apache2, /usr/bin/systemctl reload nginx
jaydeep ALL=(ALL) NOPASSWD: WEB_CMDS

🔹 Defines a command alias (WEB_CMDS) and assigns it to jaydeep.


📊 Summary of sudoers Rules

| Rule | Description |
|---|---|
| nikhil ALL=(ALL:ALL) ALL | nikhil can run all commands as any user |
| jaydeep ALL=(ALL) /usr/bin/systemctl restart apache2 | jaydeep can only restart Apache |
| jaydeep ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2 | jaydeep can restart Apache without a password |
| %developers ALL=(ALL) NOPASSWD: /usr/bin/mkdir, PASSWD: /usr/bin/rm | Developers can create directories without a password but must enter a password to delete files |
| %www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl restart apache2 | www-data can restart Apache without a password |
| Cmnd_Alias WEB_CMDS = /usr/bin/systemctl restart apache2, /usr/bin/systemctl reload nginx | Defines a command alias (WEB_CMDS) for web services |
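
An added example, not part of the original README: a small shell audit over rules like those in section 2. It flags grants of ALL, commands listed without arguments (sudoers then permits any arguments), and commands still covered by a NOPASSWD tag. The function names, finding labels and sample rules file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original README. audit_sudoers reads sudoers
# text on stdin and prints findings as "<line>:<who>:<finding>:<command>".
# Assumptions: one rule per line (no backslash continuations, no escaped
# commas); the finding names are chosen here for illustration.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blanks
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }       # not user rules
    {
      eq = index($0, "=")
      if (eq == 0) next
      who = $1
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)          # drop (runas) part
      n = split(spec, cmds, ",")
      nopass = 0                                       # tag carries forward
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)
        if (sub(/^NOPASSWD:[ \t]*/, "", c)) nopass = 1
        else if (sub(/^PASSWD:[ \t]*/, "", c)) nopass = 0
        if (c == "ALL") print NR ":" who ":any-command:" c
        else if (c ~ /^\/[^ \t]*$/) print NR ":" who ":any-arguments:" c
        if (nopass) print NR ":" who ":no-password:" c
      }
    }'
}

# Constructed sample built from the rules shown in section 2.
sample_sudoers() {
  cat <<'EOF'
# constructed sample
nikhil ALL=(ALL:ALL) ALL
jaydeep ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart apache2
nikhil ALL=(ALL) /usr/bin/ls, /usr/bin/cat
%developers ALL=(ALL) NOPASSWD: /usr/bin/mkdir, PASSWD: /usr/bin/rm
EOF
}

sample_sudoers | audit_sudoers
```

Rules that pin their arguments, such as systemctl restart apache2, produce no any-arguments finding; the rm entry is not reported as no-password because PASSWD: resets the tag.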
