Main.Episode397-SudoNotes History
April 06, 2011, at 08:05 PM EST
Sudo: An overview and usage
Sudo allows you to run a command as another user; by default that user is root.
- Used by Ubuntu and derivatives as a replacement to su or logging in as root
- su - allows you to log in as a different person
- going forward your commands in that session are run as that person
- allows for finer-grained permissions
- by default requires a password to execute
- subsequent executions of sudo do not require a password if within a 15-minute period (can be limited)
- refresh this with sudo -v
- programs run as the uid of the account and the user's login group unless overridden by -g
- configured by /etc/sudoers file
- use visudo
- locks sudoers file against multiple simultaneous edits
- provides some checking
- will not save if there is an error
- entering e will put the user back in the editor where the error is
- /etc/sudoers
- file that holds the permissions for sudo
- in EBNF - Extended Backus-Naur Form
- a meta-syntax used for describing context-free grammars
- context-free grammar = each production rule is of the form V -> w
- V = single nonterminal symbol
- w = string of terminals, nonterminals, or nothing
- terminal (elementary symbols of the language), nonterminal (symbols that can be replaced)
- Comprised of two entries:
- Aliases (variables)
- user specifications (who may run what)
- Aliases
- 4 types:
- User_Alias = determines which commands a user may use
- user or list of users or groups: User_List :: ; User :: =
- username
- #uid
- %group
- +netgroup
- %:nonunix_group (non-Unix group)
- User_Alias
- a preceding ! negates the value of the item.
- example: User_Alias ADMINS = dann,linc,gorkon
- Runas_Alias = Determines user and/or group command can run as
- Host_Alias = a listing of hostnames, IP addresses, network numbers, netgroups and other aliases
- Command Alias = a listing of commands, directories or other aliases
- commands will allow arguments unless encased in "
- you can specify only allowed arguments
- Defaults - Allows you to override standard settings based on hosts, users, commands, or commands run as a specific user.
- example: Defaults requiretty
- After defining aliases and such you begin to define permissions:
- User/User_Alias HOST=(USER/ALL:GROUP)OPTIONS:command|Command_Alias
- sudo switches:
- -b - run command in background
- -e - runs sudoedit
- should have SUDO_EDITOR, VISUAL, or EDITOR variables set
- -u name - run command as user
- -g name|#gid - sets group to run command as
- -i - run command as if run in a login shell for said user
- if no user is specified, runs similar to su -
- -l - with no user, lists the commands the user can run
- with a command (if allowed), lists the full path; otherwise exits with 1
- -s - run a shell as user or run command in shell (if specified)
- -S - read password from standard input, do not prompt (requires newline)
- -v - refresh timestamp
- -k - kill timestamp
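
The alias, Defaults and user-specification syntax from the notes above, put together in one sudoers fragment. This is an added example, not part of the original show notes: ADMINS and requiretty come from the notes, while the webdev group, host names, paths and the WEBTEAM, WEBUSER, WEBHOSTS, WEBCTL and LOGVIEW aliases are assumptions.

```sudoers
# Constructed sample sudoers fragment (names other than ADMINS are assumptions).

# --- Defaults: override standard settings ---
Defaults            requiretty            # from the notes: sudo must be run from a tty
Defaults:ADMINS     timestamp_timeout=5   # per-user override: cached password expires after 5 minutes

# --- Aliases (the four types) ---
User_Alias   ADMINS   = dann, linc, gorkon
User_Alias   WEBTEAM  = %webdev, !gorkon          # Unix group webdev; leading ! excludes one user
Runas_Alias  WEBUSER  = www-data                  # account the command may run as
Host_Alias   WEBHOSTS = web1, web2, 192.168.10.0/24
# Arguments are part of the match: only these exact invocations are allowed.
Cmnd_Alias   WEBCTL   = /usr/sbin/service apache2 restart, \
                        /usr/sbin/service apache2 status
Cmnd_Alias   LOGVIEW  = /usr/bin/tail /var/log/apache2/error.log

# --- User specifications: who  where = (run-as user : run-as group)  what ---
# Full access: any host, any target user or group, any command.
ADMINS   ALL      = (ALL : ALL) ALL

# Least privilege: restart/status as root, read the log as www-data, only on web hosts.
WEBTEAM  WEBHOSTS = (root) WEBCTL, (WEBUSER) LOGVIEW

# A bare path would accept any arguments; "" means the command may be run
# with no arguments at all.
WEBTEAM  WEBHOSTS = (root) /usr/bin/updatedb ""

# Prefer listing allowed commands as above. The sudoers manual warns that
# subtracting commands from ALL with ! is not a reliable restriction.
```

Check a fragment like this with `visudo -c -f <file>` before installing it, and confirm the result for a given user with `sudo -l`.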
