I understand sudo allows me to assign various levels of privileged access to users. What I don't understand is when to use it. For example, I edited my /etc/sudoers file by adding in a User_Alias and the specific user access, e.g.
#User_Alias
User_Alias Admin = joe
#Specific User Access
root ALL=(ALL), ALL
Admin ALL = !/bin
As you can see I was attempting to deny access to the /bin folder to Joe. I understand from the man pages that sudo is run as follows
sudo -u joe | commandname
So now if I do as follows:
sudo -u joe | ls
It still allows me to execute the command despite me denying access to the /bin folder.
1) What am I doing wrong with the command above?
2) When do I use sudo?
3) What if I want to deny access when a user is logged in as himself?
4) If sudo is an alternative to su, how are they different?
Let's say user A wants to execute something as user B (usually A is you, and B is root).
When using su, A must give B's password.
When using sudo, A must give A's password, or even no password if NOPASSWD is used properly in the sudoers file.
So you want to use sudo if you want some users to have access to some programs on some machines as a given user without knowing this user's password.
Usage is not like you say. It is (example for ls /bin):
sudo ls /bin
or
sudo -u someuser ls /bin
Last but not least, never modify the /etc/sudoers directly. Always use the visudo command.
Thanks. However, assuming I provide access via sudo, how is that better than su (apart from not providing the root password)? I guess what I am attempting to comprehend is how it limits "damage" or possible misuse. For example, if I allow user Joe to run the shutdown command via sudo and out of a grudge he shuts down the server when he should not, how does it prevent him from doing so? Or, for example, how does sudo prevent incorrect commands from being issued, e.g. rm -r /root?
It allows you to let a user perform a certain function in Unix with root privileges without the root password.
Setting up sudo for an account and giving full root access does essentially the same as su, still no root password is needed.
The advantage of sudo, again, is to provide root access for a single activity (or list of activities) to a user without compromising the root password.
su can be used to issue a single command (I think it's the -c argument); it's all about which password you want the user to use.
If you give them root access or unlimited access via sudo, the same damage can be done.
(I apologize if I repeated myself, I do that to be as clear as possible)
-Jason
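Added example, not part of the thread: a sudoers fragment that allow-lists exact command lines for joe, written to a scratch file and syntax-checked with visudo before it goes anywhere near /etc/sudoers. The user joe comes from the question; the /sbin/shutdown path, the alias names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: user "joe", shutdown at
# /sbin/shutdown, alias names ADMINS and POWER, both function names.

# Write the candidate rules to the file named in $1.
write_fragment() {
    cat > "$1" <<'EOF'
# sudoers alias names must be upper case.
User_Alias ADMINS = joe
# Allow-list exact command lines, arguments included. sudo refuses
# anything that is not listed, so no "!" entries are needed. A rule
# holding only "!/bin" grants nothing, and sudoers never restricts
# what joe runs as himself without sudo.
Cmnd_Alias POWER = /sbin/shutdown -r now, /sbin/shutdown -h now
ADMINS ALL = (root) POWER
EOF
}

# Return 0 if the fragment parses, 1 if visudo rejects it,
# 2 if visudo is not installed or not on PATH.
check_fragment() {
    if command -v visudo >/dev/null 2>&1; then
        # -c checks syntax only, -f names the file to check
        visudo -cf "$1" >/dev/null 2>&1
    else
        echo "visudo not found; fragment left unchecked" >&2
        return 2
    fi
}

# Typical use:
#   f=$(mktemp) && write_fragment "$f" && check_fragment "$f" && echo "syntax OK"
```

Once rules like these are installed with visudo, `sudo -l -U joe` run as root lists what joe is allowed to run. The rules limit which commands joe can run as root, not when he runs them; each sudo invocation is logged, so a misused shutdown is attributable to him.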