Episode397-Sudo Notes

April 06, 2011, at 06:05 PM EST by 98.174.208.105 -

Sudo: An overview and usage

Sudo allows you to run a command as another user; by default that user is root.

  • Used by Ubuntu and derivatives as a replacement for su or logging in as root
  • su - allows you to log in as a different person
    • going forward your commands in that session are run as that person
  • allows for finer granularity of permissions
  • default requires a password to execute
    • subsequent executions of sudo do not require a password if within a 15-minute period (can be limited)
    • refresh this with sudo -v
  • programs run as uid of account and user's login group unless overridden by -g
  • configured by /etc/sudoers file
    • use visudo
      • locks sudoers file against multiple simultaneous edits
      • provides some checking
      • will not save if there is an error
        • e will put user back in editor where error is
  • /etc/sudoers
    • file that holds the permissions for sudo
    • in EBNF - Extended Backus-Naur Form
      • a meta-syntax used for describing context-free grammars
        • context-free grammar = every production rule is of the form V -> w
          • V = single nonterminal symbol
          • w = string of terminals, nonterminals, or nothing
          • terminal (elementary symbols of the language), nonterminal (symbols that can be replaced)
    • Comprised of two entries:
      • Aliases (variables)
      • user specifications (who may run what)
    • Aliases
      • 4 types:
        • User_Alias = determines which commands a user may use
          • user or list of users or groups: User_List :: ; User :: =
          • username
          • #uid
          • %group
          • +netgroup
          • %: non-unix group
          • User_Alias
          • a preceding ! negates the value of the item.
          • example: User_Alias ADMINS = dann,linc,gorkon
        • Runas_Alias = Determines user and/or group command can run as
        • Host_Alias = a listing of hostnames, IP addresses, network numbers, netgroups and other aliases
        • Cmnd_Alias = a listing of commands, directories or other aliases
          • commands will allow arguments unless encased in "
          • you can specify only allowed arguments
      • Defaults - Allows you to override standard settings based on hosts, users, commands, or commands run as a specific user.
        • example: Defaults requiretty
      • After defining aliases and such you begin to define permissions:
        • User/User_Alias HOST=(USER/ALL:GROUP)OPTIONS:command|Command_Alias
  • sudo switches:
    • -b - run command in background
    • -e - runs sudoedit
      • should have SUDO_EDITOR, VISUAL, or EDITOR variables set
    • -u name - run command as user
    • -g name #gid - sets group to run command as
    • -i - run command as if run in a login shell for said user
      • if no user is specified runs similar to su -
    • -l - with no user, lists the commands the user can run
      • with command (if allowed) lists full path otherwise exits with 1
    • -s - run a shell as user or run command in shell (if specified)
    • -S - read password from standard input, do not prompt (requires new line)
    • -v - refresh timestamp
    • -k - kill timestamp
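
The alias and user-specification structure described above for /etc/sudoers can be audited mechanically. The following is an added example, not part of the original notes and not sudo's own parser: it handles a simplified subset (one alias per line, no line continuations, no #uid entries) and flags grants of ALL and NOPASSWD after expanding aliases. The paths and the %backup rule are constructed; the ADMINS alias is the one from the notes.

```python
import re

ALIAS_RE = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAG_RE = re.compile(r"^((?:[A-Z]+:\s*)*)(.*)$")

# Constructed sample, not taken from any real system.
SAMPLE = """\
User_Alias ADMINS = dann, linc, gorkon
Cmnd_Alias SERVICES = /usr/sbin/service, /bin/systemctl restart nginx
Defaults requiretty
ADMINS ALL=(ALL:ALL) ALL
%backup ALL=(root) NOPASSWD: SERVICES, /usr/bin/rsync
"""

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def expand(names, aliases):
    """Recursively replace alias names with their members."""
    out = []
    for n in names:
        out.extend(expand(aliases[n], aliases) if n in aliases else [n])
    return out

def audit(text):
    """Return (user, finding) pairs for ALL and NOPASSWD grants."""
    aliases, findings = {}, []
    lines = [l.strip() for l in text.splitlines()]
    # Comments and Defaults are skipped; #uid user entries are not supported.
    lines = [l for l in lines if l and not l.startswith(("#", "Defaults"))]
    for l in lines:  # pass 1: collect aliases (they may be used before defined)
        m = ALIAS_RE.match(l)
        if m:
            aliases[m.group(2)] = split_list(m.group(3))
    for l in lines:  # pass 2: user specifications
        m = None if ALIAS_RE.match(l) else SPEC_RE.match(l)
        if not m:
            continue
        who, _host, _runas, rest = m.groups()
        tags, cmds = TAG_RE.match(rest).groups()
        cmds = expand(split_list(cmds), aliases)
        for user in expand([who], aliases):
            if "ALL" in cmds:
                findings.append((user, "unrestricted ALL"))
            if "NOPASSWD" in tags:
                findings.append((user, "NOPASSWD: " + ", ".join(cmds)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Always validate the real file with visudo; this sketch only reports on entries it can parse.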