Understanding Sudo and User Privileges Management in Linux
Enhance your knowledge on controlling access to sudo in Linux, allowing users to execute commands with root privileges securely. Explore the significance of logging sudo commands, managing sudo access through sudoers file, and utilizing the Wheel group for root access control.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
This work by Peter Callaghan is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. OPS245 Managing Sudo
Outline In this short lesson, you will learn how to control access to sudo. So you can choose who gets to run commands with root privileges. And control which commands they can run.
Why use sudo? We have already been using the sudo command to allow your regular user account to execute commands as if it were root. While it is possible to log in directly as the root account (or use su to switch to it) this is generally avoided for security and auditing purposes. There are likely several admins in the organization who require super- user access, if they all logged in as root you could not tell who did what, since it would all go to root s history file. Commands executed through sudogo to that user s own history (and a special sudo log file). It also means not having to share the real root password with less senior admins.
Logging Sudo All commands run through sudo are logged into /var/log/secure This can be useful to track commands executed with elevated permissions, as well as failed attempts to run commands as another user.
Allowing Sudo Access There is a special file /etc/sudoers that controls who can use the sudo command as well as what commands they can execute through it. While it is possible to use the command visudo to edit it, we will do so by adding/removing specially formatted files in /etc/sudoers.d To grant sudo access for a user or group add a file named after them to that directory. To remove access, remove the file.
Sudoers Format The format for a file in the directory /etc/sudoers.d/ is: WHO WHERE=(AS_WHOM) WHAT WHO the user this entry is for. Starting with % indicates a group. WHERE The systems (machine) this entry applies to. AS_WHOM The accounts that the commands can be run as. WHAT The comma separated list of commands this user can run as other users.
The Wheel Group There is a special group already defined with access to sudo to run commands as root: wheel. Adding a user to this group will allow them to use sudo to run any command. When you checked the box Make this user Adminstrator while creating your users, you added them to the wheel group.
Summary In this lesson you have learned to write and edit sudoers entries so you have better control over the commands that can be run with root privileges..
