add users to sudo

ltoso
Posts: 73
Joined: 2008/12/09 20:19:53

add users to sudo

Post by ltoso » 2010/07/04 02:17:18

Hi,
How can we make the sudo list for a particular admin command?


Please recommend
Regards
ltoso

yyagol
Posts: 1015
Joined: 2006/06/10 18:27:44
Location: 32 4′N 34 47′E

add users to sudo

Post by yyagol » 2010/07/04 06:20:46

Hi,

sudo uses the PAM groups, so by creating a group with some users
you can refer to that group in visudo.
A good manual can be found here: http://www.sudo.ws/sudo/sudo.man.html

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: add users to sudo

Post by scottro » 2010/07/04 13:32:20

I'm not a big fan of the sudo man page--I think it's one of those pages that only become clear after you understand it well.

I think this is a clear explanation. In this case, the command is shutdown, but it can be used for anything.



http://www.spencerstirling.com/computergeek/shutdown.html

(The second section deals with sudo.)

However, the author uses ALL=(root) NOPASSWD whereas I would use

%mygroup ALL= NOPASSWD:

(That's if you want it to work with no password.)

If you want to have multiple commands for the group, although that article has a line for each command, you can put it on one line, e.g.

%mygroup ALL= NOPASSWD: /sbin/shutdown,/usr/bin/reboot

If you want them to at least put in their password, then it would be

ALL= (ALL)

One important thing which is buried deeply in the man page, because this is Linux, and then, when you miss it, people can tell you how it's right there, rather than admit the documentation was incompetently done. Last command wins. For example, on a FreeBSD box, I have one command for user scottro that can be run without a password. User scottro is also in the wheel group. I use the line in sudoers to allow the wheel group to run all commands. (With the password.)

So, if I put ABOVE that line

scottro ALL= NOPASSWD: whatever

it won't work, because further down in the file it says that scottro, as a wheel group member, is allowed to run commands, but requires a password.

I have to put that scottro ALL= NOPASSWD: BELOW the line that gives wheel group privilege. In other words, if you have two conflicting sets of permissions, the last in the file overrules any that are above it in the file.
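The ordering rule described in the post above, as an added example that is not part of the original thread: a simplified Python model of how sudoers entries are resolved, run over the same two rules in both orders. The parser handles only the one-line rule form used in this thread and is an assumption for illustration, not sudo's own code; the sample files are constructed.

```python
import re

# Simplified model of sudoers matching (illustration only, not sudo's parser).
# Handles one rule per line: who host = [(runas)] [NOPASSWD:|PASSWD:] cmd[,cmd]
RULE = re.compile(
    r"^(?P<who>\S+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?:(?P<tag>NOPASSWD|PASSWD):\s*)?(?P<cmds>.+)$"
)

# Constructed sample files: the same two rules in both orders.
NOPASSWD_ABOVE = """
scottro ALL= NOPASSWD: /sbin/shutdown
%wheel  ALL=(ALL) ALL
"""
NOPASSWD_BELOW = """
%wheel  ALL=(ALL) ALL
scottro ALL= NOPASSWD: /sbin/shutdown
"""

def parse(text):
    """Return (who, tag, commands) tuples in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            cmds = {c.strip() for c in m.group("cmds").split(",")}
            rules.append((m.group("who"), m.group("tag"), cmds))
    return rules

def check(text, user, groups, command):
    """Return 'denied', 'password' or 'nopasswd' for user running command."""
    verdict = "denied"
    for who, tag, cmds in parse(text):
        is_subject = who in (user, "ALL") or (who[0] == "%" and who[1:] in groups)
        if is_subject and ("ALL" in cmds or command in cmds):
            # No early exit: a later matching rule overwrites an earlier one.
            verdict = "nopasswd" if tag == "NOPASSWD" else "password"
    return verdict

if __name__ == "__main__":
    for name, text in (("above", NOPASSWD_ABOVE), ("below", NOPASSWD_BELOW)):
        print(name, check(text, "scottro", {"wheel"}, "/sbin/shutdown"))
```

On a real system, `visudo -c` checks the file's syntax and `sudo -l -U scottro` (as root) lists the entries that apply to that user.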

chuina
Posts: 355
Joined: 2009/12/11 10:25:56

Re: add users to sudo

Post by chuina » 2010/07/04 20:53:14

You may want to look at the CentOS Wiki page Becoming Root: http://wiki.centos.org/TipsAndTricks/BecomingRoot
