Execute commands
# Execute commands with sudo
sudo ls /this/path/is/not/usually/accessible
sudo -u user1 ls /home/user1
sudo -u www vi ~www/htdocs/index.html
sudo -g adm view /var/log/syslog
sudo -u oracle sqlplus
sudo sh -c "cd /opt/secret ; du -d0 | sort -rnk 6"
Become root
sudo -i
sudo su -
Sudo configuration
- /etc/sudoers contains the rules that users must follow when using the sudo command
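- Rules can also be placed in a file under /etc/sudoers.d/<anyfilename> instead of in /etc/sudoers itself (this works when /etc/sudoers includes that directory; sudo skips files whose name contains a '.' or ends in '~')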
- There is also a “sudo” group
- By default, sudo activity is logged to /var/log/secure (CentOS, Fedora and similar) or /var/log/auth.log (Debian, Ubuntu)
- /usr/lib/sudo/sudoers.so should only be writable by root
List available (and forbidden) commands with sudo for the current user
sudo -l
# List available (and forbidden) commands with sudo for specified user
sudo -U user1 -l
Show all configurations
cat /etc/sudoers
ls -la /etc/sudoers.d/
Edit sudo configuration – as root
NEVER edit /etc/sudoers directly, use visudo command.
visudo
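Alternative: create a file for the user in /etc/sudoers.d/. Writing the file with tee skips the syntax check that visudo performs, so verify it afterwards with "visudo -cf /etc/sudoers.d/username" (or create it with "visudo -f /etc/sudoers.d/username"), and keep it owned by root with mode 0440. Both example rules below give the user passwordless root, and the second command overwrites the file written by the first.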
echo "username ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/username
echo "username ALL=(ALL) NOPASSWD: /bin/su -" | sudo tee /etc/sudoers.d/username
Examples
# Sudo policy format
# User = who can do this
# Host = which host this applies to
# RunAs = target user (optional)
# Command = the privileged command
User Host=(RunAs) Command
kate db1 = (oracle) ALL
# Sudo front end configuration file
cat /etc/sudo.conf
# Run a command with a group instead of a user (a numeric GID needs a leading '#')
sudo -g '#27' <command>