Debianhelp.co.uk

 

 Sudo Configuration in Debian

Introduction

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

Debian's sudo package has the password timeout set to 15 minutes. This means that when you first enter your password, as long as you don't wait more than 15 minutes between sudo commands, you won't have to enter it again. The password timeout can be immediately expired with sudo -k.

Debian's sudo is compiled with

--with-exempt=sudo
--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:

As a consequence, the PATH of the user is ignored except if the user is in group sudo.

Installing SUDO in Debian

# apt-get install sudo

sudo is configured entirely through the file /etc/sudoers. This file controls the commands which users are allowed to run.

# emacs /etc/sudoers

    add a line:

    user ALL=(ALL) ALL

To run one command as root:

 sudo command

For more commands, run your shell with sudo.

 sudo sh      (if sh is your shell.)

Be careful when you are root. When you are done, type exit

For more details about sudo options check man pages of sudo.Click here for sudo man page.

some random SUDO examples

# groups

User_Alias  ROOT = user1, user2, user3
User_Alias  WEBMASTERS = user4, user5, user6

# commands

Cmnd_Alias  APACHE = /usr/local/sbin/kickapache
Cmnd_Alias  TAIL = /usr/bin/tail

Cmnd_Alias      SHUTDOWN = /sbin/shutdown

Cmnd_Alias      APT = /usr/bin/apt-get, /usr/bin/dpkg

# privileges 

ROOT        ALL = (ALL) ALL
WEBMASTERS  ALL = PASSWD : APACHE, TAIL
admin       ALL = NOPASSWD : /etc/init.d/apache