LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Blogs > Debian, This That and the Other
User Name
Password

Notices

Over several years of using Linux distros (Debian happens to be my fave) and BSDs for my primary computing, I've picked up the odd piece of useful info.
Rate this Entry

Set that sudo up.

Posted 09-29-2009 at 07:54 PM by ofaring
Updated 12-06-2009 at 09:24 AM by ofaring

This isn't a howto but rather a basic example on setting up "sudo".

Sudo is an excellent tool to aid your pursuit of security and unnecessary root usage. Regardless of what certain individuals will say, and unfortunately some of them even put distros together, using the root account all the time is begging for trouble. So...

Is it already installed on your Debian system? While you might be using aptitude or synaptic, my preference is for apt-get.
Code:
% dpkg -l | grep -i sudo
Not there?
Code:
# apt-get install sudo
I love Debian.

In order to modify /etc/sudoers, you need to use visudo (as root, obviously) instead of your normal text editor. Here is an example from my /etc/sudoers file.
Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults	env_reset

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL
%operator ALL=(root) NOPASSWD: /sbin/shutdown
%operator ALL=(root) NOPASSWD: /sbin/halt
%operator ALL=(root) NOPASSWD: /sbin/reboot
%operator ALL=(root) NOPASSWD: /usr/sbin/hibernate
%operator ALL=(root) NOPASSWD: /usr/sbin/hddtemp
%operator ALL=(root) NOPASSWD: /bin/mount
%operator ALL=(root) NOPASSWD: /bin/umount
%operator ALL=(root) NOPASSWD: /sbin/ifup
%operator ALL=(root) NOPASSWD: /sbin/ifdown
%operator ALL=(root) NOPASSWD: /usr/sbin/ntpdate-debian
While you can modify as you like, I've added myself to the operator group. There are different ways of doing this. You can use the usermod command like so:
Code:
# usermod -a -G operator your_user_name
If you have ZSH installed and configured decently, try:
Code:
# usermod -a -G o<tab> <first letter of user name><tab>
That's how I roll, baby.
Or you could carefully modify /etc/group as root with your fave editor. If the group doesn't exist you can add it (man 8 groupadd), or choose another relevant group such as "sudo" or "staff", or put your own username in place of "operator" - not forgetting the percent symbol.

Voila! All sorts of wonderful things are available to your regular user/s without having to use root.
Posted in Examples
Views 1815 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 01:29 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration