Friday, May 3, 2019

Unix/Linux - sudo - superuser do, an example

sudo - superuser do
- This tool is used to delegate admin tasks to a particular user or group.
- Basically, it lets you run a command as another user (especially root).


Config file: /etc/sudoers
Log file: /var/log/messages
Editing tool: visudo (do not edit the file with vi directly; visudo checks the syntax and saves you from making mistakes)

Let's get real.

Now, let's create some users on your system:

jay, ravi, sam and rita

Grant the following permissions to these users:

1. Jay and Ravi are new system admins and need full access to the system.
2. Sam is a database admin and needs to mount and unmount the /APPLCFS filesystem, and to su to the oinstall, gridmon and oradev users.
3. Rita is a helpdesk technician, but she should be able to create users.



Now, to grant them access, edit the sudoers file:

 # visudo

# Give jay and ravi full access, the same as the "root    ALL=(ALL)       ALL" entry

jay ALL=(ALL) ALL
ravi ALL=(ALL) ALL

# If you want them to run commands without entering a password, use
# user_name ALL=(ALL) NOPASSWD: ALL

# Or you can group these users together with a user alias
# User_Alias ADMINS = jay, ravi, devi, dan
# ADMINS ALL=(ALL) ALL
#    or
# ADMINS ALL=(ALL) NOPASSWD: ALL


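# DBAs: mount/umount /APPLCFS and su to oradev, oinstall and gridmon without a password
# The format is: who  host = [tag:] command list
User_Alias DBAS = bill, mary, sam
DBAS ALL = NOPASSWD: /usr/sbin/mount /APPLCFS, /usr/sbin/umount /APPLCFS, /usr/bin/su - oradev, /usr/bin/su - oinstall, /usr/bin/su - gridmon

# Grant rita (and the rest of the helpdesk) permission to create users
# Note: a command listed without arguments may be run with any arguments,
# so /usr/bin/passwd here allows changing any account's password, root included
User_Alias HELPDESK = nani, kavi, rita
Cmnd_Alias HELP_CMDS = /usr/sbin/useradd, /usr/bin/passwd
HELPDESK ALL = HELP_CMDS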


Users can log in to the system with their user name and password, and run the commands as follows:

$ useradd nita
$ passwd nita
$ sudo useradd nita
$ sudo passwd nita

Run all of the commands and compare the results.
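
The advice above to let visudo check the syntax can also be applied to a scratch file before any rule goes live. The script below is an added example, not part of the original post: it stages the helpdesk rules, checks them with visudo -c -f, and installs them only if they parse. The drop-in path /etc/sudoers.d/helpdesk and the function names are assumptions.

```shell
#!/bin/sh
# Added example: stage sudoers rules in a scratch file, syntax-check them
# with visudo, and install them only when the check passes.

# Assumption: the main sudoers file includes the /etc/sudoers.d directory.
DROPIN=/etc/sudoers.d/helpdesk

# Write the helpdesk rules from this page (valid syntax) to the file in $1.
stage_rules() {
    cat > "$1" <<'EOF'
User_Alias HELPDESK = nani, kavi, rita
Cmnd_Alias HELP_CMDS = /usr/sbin/useradd, /usr/bin/passwd
HELPDESK ALL = HELP_CMDS
EOF
}

# Return 0 only if visudo parses the file in $1 cleanly.
# Returns 127 when visudo is not installed or not in PATH.
check_rules() {
    command -v visudo >/dev/null 2>&1 || return 127
    visudo -c -f "$1" >/dev/null 2>&1
}

# Validate first, then install with root ownership and mode 0440.
# Must be run as root; a file that fails the check is never copied.
install_rules() {
    if ! check_rules "$1"; then
        echo "refusing to install: $1 did not pass visudo -c" >&2
        return 1
    fi
    install -o root -g root -m 0440 "$1" "$DROPIN"
}

# Demo on a scratch file; nothing under /etc is touched here.
demo_file=$(mktemp)
stage_rules "$demo_file" && check_rules "$demo_file" && echo "syntax OK"
rm -f "$demo_file"

# After install_rules, confirm what a user may run with:  sudo -l -U rita
```

A line with a misspelled alias or a missing "=" makes check_rules return non-zero, so install_rules stops before the live configuration is changed.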
