How to: Using Sudo
· Sudo is a command that allows users defined in the /etc/sudoers configuration file to have temporary root access to run certain privileged commands.
· The command you want to run must begin with the word "sudo", followed by the regular command syntax.
· When running the command you will be prompted for your regular password before it is executed. You may run other privileged commands using sudo within a five minute period without being re-prompted for a password.
· All commands run as sudo are logged in the log file /var/log/messages.
Fortunately, the sudo package is installed by default by RedHat.
· "visudo" is the command used to edit the /etc/sudoers configuration file. It is not recommended that you use any other editor to modify your sudo parameters. "visudo" uses the same commands as the "vi" text editor.
· "visudo" is best run as user "root"
[root@aqua tmp]# visudo
o The /etc/sudoers file has the general format:
usernames/group target-servername = command
o Groups are the same as user groups and are differentiated from regular users by a % at the beginning
o The "#" at the beginning of a line signifies a comment line
o You can have multiple usernames per line separated by commas
o Multiple commands can be separated by commas too. Spaces are considered part of the command.
o The keyword "ALL" can mean all usernames, groups, commands and servers.
o If you run out of space on a line, you can end it with a "\" and continue on the next line.
o The NOPASSWD keyword provides access without you being prompted for your password
o Users "paul" and "mary" have full access to all privileged commands
paul, mary ALL=(ALL) ALL
o Users with a groupid of "operator" have full access to all commands and won't be prompted for a password when doing so.
%operator ALL=(ALL) NOPASSWD: ALL
· In this example, user "paul" attempts to view the contents of the /etc/sudoers file
[paul@bigboy paul]$ more /etc/sudoers
/etc/sudoers: Permission denied
· Paul tries again using sudo and his regular user password and is successful.
[paul@bigboy paul]$ sudo more /etc/sudoers
All sudo commands are logged in the log file /var/log/messages. Here is sample output from the above example.
[root@bigboy tmp]# grep sudo /var/log/messages
Nov 18 22:50:30 bigboy sudo(pam_unix): authentication failure; logname=paul uid=0 euid=0 tty=pts/0 ruser= rhost= user=paul
Nov 18 22:51:25 bigboy sudo: paul : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/more sudoers
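
To review sudo activity beyond a plain grep, the two log line shapes shown above can be parsed into per-user records of failed authentications and commands run. This is an added example, not part of the original how-to; the function names are hypothetical and the last two sample lines are constructed.

```python
import re

# First two lines are the page's sample output; the last two are constructed.
SAMPLE_LOG = """\
Nov 18 22:50:30 bigboy sudo(pam_unix): authentication failure; logname=paul uid=0 euid=0 tty=pts/0 ruser= rhost= user=paul
Nov 18 22:51:25 bigboy sudo: paul : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/more sudoers
Nov 18 23:02:11 bigboy sudo: mary : TTY=pts/1 ; PWD=/home/mary ; USER=root ; COMMAND=/usr/sbin/visudo
Nov 18 23:05:40 bigboy sshd[2211]: Accepted password for mary from 192.0.2.10 port 40022 ssh2
"""

# Syslog prefix: timestamp, hostname, then the "sudo" program tag.
PREFIX = r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sudo"
# PAM failure line; \b keeps "ruser=" from being mistaken for "user=".
FAIL_RE = re.compile(
    PREFIX + r"\(pam_unix\): authentication failure;.*\buser=(?P<user>\S+)")
# Command line: invoking user, terminal, working directory, target user, command.
CMD_RE = re.compile(
    PREFIX + r":\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.*?) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<command>.*)$")

def parse_sudo_log(text):
    """Return one dict per sudo event; lines from other programs are skipped."""
    events = []
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if m:
            events.append({"type": "command", **m.groupdict()})
            continue
        m = FAIL_RE.match(line)
        if m:
            events.append({"type": "auth_failure", **m.groupdict()})
    return events

def summarize(events):
    """Per-user count of failed password attempts and list of commands run."""
    summary = {}
    for e in events:
        entry = summary.setdefault(e["user"], {"failures": 0, "commands": []})
        if e["type"] == "auth_failure":
            entry["failures"] += 1
        else:
            entry["commands"].append((e["runas"], e["command"]))
    return summary

if __name__ == "__main__":
    for user, info in summarize(parse_sudo_log(SAMPLE_LOG)).items():
        print(user, info)
```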