Hi,
how can we make the sudo list for a particular admin command
Please recommend
Regards
ltoso
add users to sudo
add users to sudo
hi ,
sudo uses the pam groups , so by creating a group with some users
you can refer to that group in visudo .
a good manual can be found here http://www.sudo.ws/sudo/sudo.man.html
sudo uses the pam groups , so by creating a group with some users
you can refer to that group in visudo .
a good manual can be found here http://www.sudo.ws/sudo/sudo.man.html
Re: add users to sudo
I'm not a big fan of the sudo man page--I think it's one of those pages that only become clear after you understand it well.
I think this is a clear explanation. In this case, the command is shutdown, but it can be used for anything.
http://www.spencerstirling.com/computergeek/shutdown.html.
(The second section deals with sudo.)
However, the author uses ALL=(root) NOPASSWD whereas I would use
%mygroup ALL= NOPASSWD:
(That's if you want it to work wtih no password).
If you want to have multiple commands for the group, although that article has a line for each command, you can put it on one line, e.g.
%mygroup ALL= NOPASSWD: /sbin/shutdown,/usr/bin/reboot
If you want them to at least put in their password, then it would be
ALL= (ALL)
One important thing which is buried deeply in the man page, because this is Linux, and then, when you miss it, people can tell you how it's right there, rather than admit the documentation was incompetently done. Last command wins. For example, on a FreeBSD box, I have one command for user scottro that can be run without a password. User scottro is also in the wheel group. I use the line in sudoers to allow the wheel group to run all commands. (With the password.)
So, if I put ABOVE that line
scottro ALL= NOPASSWD: whatever
it won't work, because further down in the file it says that scottro, as a wheel group member, is allowed to run commands, but requires a password.
I have to put that scottro ALL= NOPASSWD: BELOW the line that gives wheel group privilege. In other words, if you have two conflicting sets of permissions, the last in the file overrules any that are above it in the file.
I think this is a clear explanation. In this case, the command is shutdown, but it can be used for anything.
http://www.spencerstirling.com/computergeek/shutdown.html.
(The second section deals with sudo.)
However, the author uses ALL=(root) NOPASSWD whereas I would use
%mygroup ALL= NOPASSWD:
(That's if you want it to work wtih no password).
If you want to have multiple commands for the group, although that article has a line for each command, you can put it on one line, e.g.
%mygroup ALL= NOPASSWD: /sbin/shutdown,/usr/bin/reboot
If you want them to at least put in their password, then it would be
ALL= (ALL)
One important thing which is buried deeply in the man page, because this is Linux, and then, when you miss it, people can tell you how it's right there, rather than admit the documentation was incompetently done. Last command wins. For example, on a FreeBSD box, I have one command for user scottro that can be run without a password. User scottro is also in the wheel group. I use the line in sudoers to allow the wheel group to run all commands. (With the password.)
So, if I put ABOVE that line
scottro ALL= NOPASSWD: whatever
it won't work, because further down in the file it says that scottro, as a wheel group member, is allowed to run commands, but requires a password.
I have to put that scottro ALL= NOPASSWD: BELOW the line that gives wheel group privilege. In other words, if you have two conflicting sets of permissions, the last in the file overrules any that are above it in the file.
Re: add users to sudo
You may want to look at the CentOS Wiki page of [url=http://wiki.centos.org/TipsAndTricks/BecomingRoot]Becoming Root[/url]