LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-04-2004, 05:18 AM   #1
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
Question sudo


I understand sudo allows me to assign various levels of privileged access to users. What I don't understand when to use it. For example I edited my /etc/sudoers file by adding in a User_Alias and the specific user access e.g.

#User_Alias
User_Alias Admin = joe

#Specific User Access
root ALL=(ALL), ALL
Admin ALL = !/bin

As you can see I was attempting to deny access to the /bin folder to Joe. I understand from the man pages that sudo is run as follows

sudo -u joe | commandname

So now if I do as follows:

sudo -u joe | ls

It still allows me to execute the command despite me deny access to the /bin folder.

1) What am I do wrong with the command above?
2) When do I use sudo?
3) What if I want to deny access when a user is logged in as himself?
4) If sudo is an alternative to su, how are they different?
 
Old 08-04-2004, 07:08 AM   #2
theYinYeti
Senior Member
 
Registered: Jul 2004
Location: France
Distribution: Arch Linux
Posts: 1,897

Rep: Reputation: 66
Let's say user A wants to execute something as user B (usually A is you, and B is root).
When using su, A must give B's password.
When using sudo, A must give A's password, or even no password if NOPASSWD is used properly in the sudoers file.

So you want to use sudo if you want some users to have access to some programs on some machines as a given user without knowing this user's password.

Usage is not like you say. It is (example for ls /bin):
sudo ls /bin
or
sudo -u someuser ls /bin

Last but not least, never modify the /etc/sudoers directly. Always use the visudo command.

Yves.
 
Old 08-04-2004, 05:44 PM   #3
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Original Poster
Rep: Reputation: 30
theYinYeti,

Thanks. However assuming I provide access via sudo, how is that better than su (apart from not providing the root password). I guess what I am attempting to comprehend is how does it limit "damage" or possible miuse. For example if I allow user Joe to run the shutdown command via sudo and out of a grudge he shutdowns the server when he should not, how does it prevent him in doing so. Or for example how does sudo prevent incorrect commands from being issued e.g. rm-r /root.
 
Old 08-04-2004, 06:01 PM   #4
username17
Member
 
Registered: Aug 2004
Location: Norfolk VA
Distribution: Slackware 11
Posts: 230

Rep: Reputation: 30
It allows you to give a user to perform a certain function in unix with root privelages without the root password.
Setting up sudo for an account and giving full root access does essentially the same as su, still no root password is needed.

The advantage of sudo, again, is to provide root access for a single activity (or list of activities) to a user with comprimising the root password.
su can be used to issue a single command (think it's the -c argument), it's all about which password do you want the user to use.
If you give them root access or unlimited access via sudo, same dmg can be done.
(I apologize if I repeated myself, I do that to be as clear as possbile)
-Jason
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 03:20 PM
su and sudo muman Linux - Security 9 12-30-2004 10:55 AM
sudo pk21 Linux - Newbie 7 10-07-2003 07:53 AM
need help with sudo mla Linux - Software 4 10-02-2003 11:05 AM
sudo? nabil Linux - Security 1 02-12-2001 01:18 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration