Saturday, November 20, 2004

Allowing Sudo Priviledges

I've mentioned it before in passing, put it's possible to set up any Unix-like system so that selected root users can run root-level commands, e.g.,

sudo yum update

This will ask you to for your password to verify that you are allowed access.

To set permission, one must edit the /etc/sudoers file. Of course, you have to be root to do this, but even then you must use a special command,

visudo -f sudoers

this ensures that no one else is trying to edit the file simultaneously, checks syntax, etc. If you want to allow user dubya to run sudo, then edit the file to look like this:

# User privilege specification
root    ALL=(ALL) ALL
dubya   ALL=(ALL) ALL

where those multiple spaces are actually a tab. Now dubya can do root's work. Interestingly, if now flipflop tries to run a sudo job, he gets a message that the attempt will be reported. To whom? root gets an email message.

0 comments: