Thomas Guide: sudo
From FedoraNEWS.ORG
Written by Thomas Chung on 2005-07-30
Thomas Guide is a step-by-step User Guide for a Linux Newbie (http://en.wikipedia.org/wiki/Newbie).
Here is a quick tutorial to set up your user account as a sudo account.
Step 1
Open a terminal and type the following command to enter the root environment.
$ su -
Type your root password.
Step 2
Type the following command to edit the sudo file (/etc/sudoers).
# visudo
Step 3
Use the [Down Arrow] key to scroll down and the [Delete] key to delete the "#" sign in front of the following line to enable sudo:
# %wheel ALL=(ALL) NOPASSWD: ALL
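It should look like the following. The uncommented %wheel line lets members of the wheel group run any command as root without a password prompt; the commented-out %wheel ALL=(ALL) ALL line above it is the variant that asks for the user's password.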
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# Runas alias specification
# User privilege specification
root    ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
# Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: ALL
# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
Step 4
Press the [Esc] key and type ":wq" to save and quit.
Step 5
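Type the following command to add your user account to the "wheel" group (similar to an Administrative Group). The -a option appends wheel to the groups the account already belongs to; -G on its own replaces the supplementary group list.
# usermod -a -G wheel [your-user-id]
For example,
# usermod -a -G wheel tchung
# id tchung
uid=500(tchung) gid=500(tchung) groups=500(tchung),10(wheel)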
Step 6
Type the following command to exit from the root environment and return to the user environment.
# exit
$ whoami
tchung
Step 7
Without sudo, you will get the following permission error message. For example:
$ /sbin/service iptables status
/etc/init.d/iptables: line 45: /etc/sysconfig/iptables-config: Permission denied
With sudo, you can now execute the command successfully without becoming root. For example:
$ sudo /sbin/service iptables status
Table: filter
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:139
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Step 8
Check the following log file for verification.
$ sudo cat /var/log/secure | grep iptables
Jul 30 15:07:23 localhost sudo: tchung : TTY=pts/1 ; PWD=/home/tchung ; USER=root ; COMMAND=/sbin/service iptables status
Please note that every command you run with "sudo" writes a log entry, including USER and COMMAND, for later review.
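The review described in Step 8 can be scripted. The following is an added example, not part of the original guide: sudo_audit and sample_log are hypothetical names, and every sample line except the first (taken from Step 8) is constructed. It also reports refused attempts and keeps the command text intact when it contains " ; ".

```shell
#!/bin/sh
# Added example: summarise sudo records from a /var/log/secure-style stream.
# Output is tab-separated: status, invoking user, run-as user, command.
sudo_audit() {
    awk '
    $5 ~ /^sudo(\[[0-9]+\])?:$/ {
        # Field 5 is the "sudo:" tag after "Mon DD HH:MM:SS host".
        rest = substr($0, index($0, $5) + length($5))
        sub(/^ +/, "", rest)
        sep = index(rest, " : ")
        if (sep == 0) next      # PAM session lines and similar
        user = substr(rest, 1, sep - 1)
        body = substr(rest, sep + 3)
        cpos = index(body, "COMMAND=")
        if (cpos == 0) next
        # Arguments are user-supplied, so keep everything after the first
        # COMMAND= verbatim and read key=value fields only before it.
        cmd = substr(body, cpos + 8)
        n = split(substr(body, 1, cpos - 1), part, / ; /)
        status = "ok"; runas = "?"
        for (i = 1; i <= n; i++) {
            if (part[i] ~ /^USER=/) runas = substr(part[i], 6)
            else if (part[i] != "" && part[i] !~ /^[A-Z]+=/) status = "fail: " part[i]
        }
        printf "%s\t%s\t%s\t%s\n", status, user, runas, cmd
    }'
}

# Sample input: the first line is the entry shown in Step 8, the rest are constructed.
sample_log() {
    cat <<'EOF'
Jul 30 15:07:23 localhost sudo: tchung : TTY=pts/1 ; PWD=/home/tchung ; USER=root ; COMMAND=/sbin/service iptables status
Jul 30 15:09:02 localhost sudo: alice : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/service iptables stop
Jul 30 15:10:41 localhost sudo[2112]: tchung : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/echo a ; USER=nobody
Jul 30 15:10:41 localhost sudo: pam_unix(sudo:session): session opened for user root by tchung(uid=0)
Jul 30 15:11:00 localhost sshd[900]: Accepted password for tchung from 192.0.2.10 port 50022 ssh2
EOF
}

sample_log | sudo_audit
```

On a real system, feed it the log instead of the sample: sudo cat /var/log/secure | sudo_audit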