There are times when we need to execute a command as root, and sudo is the tool for that. It gives an extra level of security, since we are aware that we are executing a command which we do not normally execute. It also records the command in /var/log/messages, which root can check to ensure that nobody has exceeded their authority.
We have to enter our own password when we run sudo, and we keep that permission for a defined period of time. The configuration file for sudo is /etc/sudoers, and it is edited using the visudo command.
To give the user test root permission, use the following steps:
Open the /etc/sudoers file.
Enter the following line.
test localhost =(ALL) NOPASSWD:ALL
* test : name of user to be allowed to use sudo
* localhost : name of the machine on which test is allowed to use sudo
* (ALL) : Allow sudo command to be executed as any user.
* NOPASSWD : User requires no password to run sudo.
* ALL : Allow all commands to be executed.
The above steps give the user “test” root permission, and the user will not need a password to run any command that is normally accessible only by root.
Similarly, a group can be allowed. To give a group called test sudo permission, use the following line.
%test ALL=(ALL) ALL
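The field breakdown above can also be used to review rules that already exist. The following shell function is an added example, not part of the original post: it splits simple single-line sudoers rules into those fields and flags any that grant unrestricted root, with or without a password. The sample input, the backup rule and the verdict labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sudoers-style rules read from stdin.
# Output, one line per rule: kind|who|host|runas|nopasswd|commands|verdict
# Assumption: only single-line "who host = (runas) [TAG:] commands" rules are
# handled; Defaults, aliases, #include lines and continuations are skipped.
audit_sudoers() {
    awk -v OFS='|' '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }      # not user specifications
    {
        eq = index($0, "=")
        if (eq == 0) next
        split(substr($0, 1, eq - 1), lhs, " ")       # lhs[1] = who, lhs[2] = host
        rhs = substr($0, eq + 1)

        runas = "root"                               # default target without a (runas) part
        if (match(rhs, /\([^)]*\)/)) {
            runas = substr(rhs, RSTART + 1, RLENGTH - 2)
            rhs = substr(rhs, 1, RSTART - 1) substr(rhs, RSTART + RLENGTH)
        }
        nopasswd = (rhs ~ /NOPASSWD[ \t]*:/) ? "yes" : "no"
        gsub(/[A-Z_]+[ \t]*:/, "", rhs)              # drop tags such as NOPASSWD:
        sub(/^[ \t]+/, "", rhs); sub(/[ \t]+$/, "", rhs)

        kind = (lhs[1] ~ /^%/) ? "group" : "user"
        asroot = (runas ~ /^(ALL|root)[ \t]*(:.*)?$/)
        if (!asroot || rhs != "ALL") verdict = "LIMITED"
        else if (nopasswd == "yes")  verdict = "PASSWORDLESS_ROOT"
        else                         verdict = "FULL_ROOT"
        print kind, lhs[1], lhs[2], runas, nopasswd, rhs, verdict
    }'
}

# Constructed sample: the two rules from this page plus one hypothetical
# narrow rule for contrast.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
test localhost =(ALL) NOPASSWD:ALL
%test ALL=(ALL) ALL
backup ALL=(root) /usr/bin/rsync'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

A PASSWORDLESS_ROOT verdict means that anyone who gets a session as that account gets root without a further password prompt, so those rules deserve the closest review.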
Now we can execute any command which only root could have done before, for example
The output is as follows
visudo: /etc/sudoers: Permission denied
To successfully run it use,
When you run sudo you are still in your own shell. To get root's shell, use the following command
You will see that the prompt has changed to that of the root.
A little more insight into sudo: the sudo binary is a “setuid” program. That is, every user on the system can run the sudo command, but only the users whose names are listed in /etc/sudoers will be able to use it.
ls -al /usr/bin/sudo
The above command lists the permissions of the sudo binary as follows.
---s--x--x 1 root root 84920 Feb 17 2006 /usr/bin/sudo