sudo - superuser do
- This tool is used to delegate admin tasks to a particular user or group.
- Basically, it allows you to run a command as another user (especially root).
Config file: /etc/sudoers
Log file: /var/log/messages
Editing tool: visudo (do not use vi; visudo checks the syntax and saves you from making mistakes)
Let's get practical.
First, create some users on your system:
jay, ravi, sam and rita
Grant the following permissions to these users.
1. Jay and Ravi are new system admins and need full access to the system.
2. Sam is a database admin and needs to mount and umount the /APPLCFS filesystem and su to the oinstall, gridmon and oradev users.
3. Rita is a helpdesk technician, but she should be able to create users.
To grant them access, edit the sudoers file:
# visudo
# Give full access to the jay and ravi users, the same as "root ALL=(ALL) ALL"
jay ALL=(ALL) ALL
ravi ALL=(ALL) ALL
# If you want them to run commands without entering a password, you can use
# user_name ALL=(ALL) NOPASSWD: ALL
# or you can group these users together with a user alias
# User_Alias ADMINS = jay, ravi, devi, dan
# ADMINS ALL=(ALL) ALL
# or
# ADMINS ALL=(ALL) NOPASSWD:ALL
# Database admins: mount/umount /APPLCFS and su to the Oracle accounts, without a password
User_Alias DBAS = bill, mary, sam
DBAS ALL = NOPASSWD: /usr/sbin/mount /APPLCFS, /usr/sbin/umount /APPLCFS, /usr/bin/su - oradev, /usr/bin/su - oinstall, /usr/bin/su - gridmon
# Granting the rita user access to create users
# (an alias definition needs "=", and the rule needs a host field, here ALL)
User_Alias HELPDESK = nani, kavi, rita
Cmnd_Alias HELP_CMDS = /usr/sbin/useradd, /usr/bin/passwd
HELPDESK ALL = HELP_CMDS
Users can log in to the system with their own user name and password and run the commands, first without sudo and then with it:
$ useradd nita
$ passwd nita
$ sudo useradd nita
$ sudo passwd nita
Run all of the commands and compare the results.
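
A tighter version of the DBA and helpdesk rules above, as an added example that is not part of the original post. The alias names ORA_ACCTS, APPLCFS_MOUNT, HELP_USERADD and HELP_PASSWD are made up for illustration; users and paths are the ones used in the post.

```sudoers
# Added example: least-privilege variants of the post's rules.

User_Alias  DBAS      = bill, mary, sam
User_Alias  HELPDESK  = nani, kavi, rita

# --- DBA: mount/umount only the one filesystem, as root, no password ---
Cmnd_Alias  APPLCFS_MOUNT = /usr/sbin/mount /APPLCFS, /usr/sbin/umount /APPLCFS
DBAS ALL = (root) NOPASSWD: APPLCFS_MOUNT

# --- DBA: switch to the Oracle accounts through a Runas list instead of
# "sudo su - oradev". The DBA runs e.g. "sudo -iu oradev" or
# "sudo -u oradev <command>". No root step is involved, and sudo logs the
# target account with each command. This variant asks for the DBA's own
# password; add NOPASSWD: to match the post's behaviour.
Runas_Alias ORA_ACCTS = oradev, oinstall, gridmon
DBAS ALL = (ORA_ACCTS) ALL

# --- Helpdesk ---
# Weak (as in the post): a bare path matches any arguments, so members may
# also run "sudo passwd root".
#   Cmnd_Alias HELP_CMDS = /usr/sbin/useradd, /usr/bin/passwd
#
# Tighter: passwd must be given a user name, and never root's.
Cmnd_Alias  HELP_PASSWD  = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

# useradd still accepts any options here; sudoers cannot express "only
# ordinary accounts", so grant it only to staff trusted with account creation.
Cmnd_Alias  HELP_USERADD = /usr/sbin/useradd

HELPDESK ALL = (root) HELP_USERADD, HELP_PASSWD
```

Save it as a separate file and check it with `visudo -cf <file>` before installing it; `sudo -l -U rita` then lists what a given user is allowed to run.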