LinuxQuestions.org
Old 02-08-2004, 06:26 PM   #1
yenonn
Member
 
Registered: Feb 2003
Location: Malaysia
Distribution: Redhat 8.0, 9, Slackware 9.1
Posts: 511

Rep: Reputation: 30
sudoers????


I always log in as root even though I know it is dangerous to do so...
But whenever I log in as a normal user, there are many commands and directories I can't even access... gosh!!! So, all this while I have been logging in as root to do my admin...

Now I have discovered that I am taking a risk... I need to do something with my /etc/sudoers file....
I read the man page as well as the example. I have practised it, but to no avail. I feel that controlling a PC as a normal user is still lacking in many ways compared to root...

Last time, I even messed up... I have many services running as root... such as my squid runs under root, my cvs runs under root... and bla..bla...bla... I know I am wrong... I don't have an idea how to manage the services, just because of the confusion of managing the users and services...
Please... give me some ideas, OK?? Can someone give me a picture of managing groups, users, user levels, and services running on the machine...

So, can you guys give me some proper guidance on managing the users?
Or perhaps you can post your sudoers file as a reference for me...

I am pretty shocked and yet amazed at the way Linux handles security... not because I don't know, but all this while I have been working as root... I couldn't really feel it... Now I think Linux has tight and strong security....

How often do you guys log in as root?? Never???
 
Old 02-08-2004, 06:45 PM   #2
synaptical
Senior Member
 
Registered: Jun 2003
Distribution: Mint 13/15, CentOS 6.4
Posts: 2,020

Rep: Reputation: 46
Re: sudoers????

Quote:
Originally posted by yenonn
<snip>
How often do you guys log in as root?? Never???

when in a terminal, easily about half the time i am root. when doing stuff in the GUI -- internet, text stuff, etc. -- i basically never am root. so unless i'm doing it wrong, it seems that su-ing to root is just part of us-ing linux.

i think what you really ought to be doing is logging in as a <user>, and su-ing to root to do your administrating tasks. no need to feel weird about it, it's just part of the territory.

sudo is a cool application, because it allows you to do root things without entering your root password, and it times out after a set period so you won't walk away from the computer leaving a root terminal open.

i'm the only one who uses my pc, so i just added my username to root in sudoers. i'd post it for you, but that's really all i did. but there are other options in there, like adding a user to wheel with no password needed. you might want to check out those other options for more flexibility for different users.
 
Old 02-08-2004, 08:02 PM   #3
At0mic_PC
Member
 
Registered: Jul 2003
Location: Mississippi
Distribution: Slack9.1
Posts: 159

Rep: Reputation: 30
I use su - and sometimes I like to use su -c "appname -params" for things that are graphical I need root in.
 
Old 02-09-2004, 11:34 AM   #4
gnashley
Amigo developer
 
Registered: Dec 2003
Location: Germany
Distribution: Slackware
Posts: 4,755

Rep: Reputation: 466
I also run most of the time as root, since I'm mostly doing development work. sudo lets you control exactly what each user or group can do on the system. I'm currently working on setting up my system with a 3-tiered authority. I've created a user for myself, which I put in the wheel group. The wheel group is given permission to run all commands without a password. All other users are just in the group users, which is more restricted.
You can edit the sudoers file by running visudo.
You might start by just adding the commands that you most want to run as user to the line for the users group.
Since Linux is a multi-user OS it doesn't act much like Windows. I mean Linux doesn't assume that you're setting up a single user system. It takes a bit of work to get it set up, but is obviously a lot more secure once you get it.
 
Old 02-09-2004, 01:07 PM   #5
glennardo
Member
 
Registered: Oct 2003
Location: Jakarta, Indonesia
Distribution: Slackware 13.37
Posts: 50

Rep: Reputation: 15
Here's a sudoers sample taken from the FreeBSD Handbook, hope it helps.

##
## Sample /etc/sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
#
###
## User alias specification
###
#User_Alias FULLTIMERS = millert, mikef, dowdy
#User_Alias PARTTIMERS = bostley, jwfox, crawl
#User_Alias WEBMASTERS = will, wendy, wim
#
###
## Runas alias specification
###
#Runas_Alias OP = root, operator
#Runas_Alias DB = oracle, sybase
#
###
## Host alias specification
###
#Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
# SGI = grolsch, dandelion, black:\
# ALPHA = widget, thalamus, foobar:\
# HPPA = boa, nag, python
#Host_Alias CUNETS = 128.138.0.0/255.255.0.0
#Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
#Host_Alias SERVERS = master, mail, www, ns
#Host_Alias CDROM = orion, perseus, hercules
#
###
## Cmnd alias specification
###
#Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
# /usr/sbin/rrestore, /usr/bin/mt
#Cmnd_Alias KILL = /usr/bin/kill
#Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
#Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
#Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
#Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
#Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
# /usr/local/bin/tcsh, /usr/bin/rsh, \
# /usr/local/bin/zsh
#Cmnd_Alias SU = /usr/bin/su
#Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
# /usr/bin/chfn
#
###
## Override builtin defaults
###
#Defaults syslog=auth
#Defaults:FULLTIMERS !lecture
#Defaults:millert !authenticate
#Defaults@SERVERS log_year, logfile=/var/log/sudo.log
#
###
## User specification
###
#
## root and users in group wheel can run anything on any machine as any user
#root ALL = (ALL) ALL
#%wheel ALL = (ALL) ALL
#
## full time sysadmins can run anything on any machine without a password
#FULLTIMERS ALL = NOPASSWD: ALL
#
## part time sysadmins may run anything but need a password
#PARTTIMERS ALL = ALL
#
## jack may run anything on machines in CSNETS
#jack CSNETS = ALL
#
## lisa may run any command on any host in CUNETS (a class B network)
#lisa CUNETS = ALL
#
## operator may run maintenance commands and anything in /usr/oper/bin/
#operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
# /usr/oper/bin/
#
## joe may su only to operator
#joe ALL = /usr/bin/su operator
#
## pete may change passwords for anyone but root on the hp snakes
#pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
#
## bob may run anything on the sparc and sgi machines as any user
## listed in the Runas_Alias "OP" (ie: root and operator)
#bob SPARC = (OP) ALL : SGI = (OP) ALL
#
## jim may run anything on machines in the biglab netgroup
#jim +biglab = ALL
#
## users in the secretaries netgroup need to help manage the printers
## as well as add and remove users
#+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
#
## fred can run commands as oracle or sybase without a password
#fred ALL = (DB) NOPASSWD: ALL
#
## on the alphas, john may su to anyone but root and flags are not allowed
#john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
#
## jen can run anything on all machines except the ones
## in the "SERVERS" Host_Alias
#jen ALL, !SERVERS = ALL
#
## jill can run any commands in the directory /usr/bin/, except for
## those in the SU and SHELLS aliases.
#jill SERVERS = /usr/bin/, !SU, !SHELLS
#
## steve can run any command in the directory /usr/local/op_commands/
## as user operator.
#steve CSNETS = (operator) /usr/local/op_commands/
#
## matt needs to be able to kill things on his workstation when
## they get hung.
#matt valkyrie = KILL
#
## users in the WEBMASTERS User_Alias (will, wendy, and wim)
## may run any command as user www (which owns the web pages)
## or simply su to www.
#WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
#
## anyone can mount/unmount a cd-rom on the machines in the CDROM alias
#ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
# /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
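
An added example, not part of glennardo's post or of the sample file: a small Python audit that reads sudoers rules and reports the grants worth a second look before copying them, namely ALL, NOPASSWD: ALL, whole-directory grants, '!' exclusions and wildcards in arguments (sudoers(5) cautions that subtracting commands with '!' is generally not effective and that wildcards in arguments match across word boundaries). The input is constructed from the sample above with the leading '#' removed; the function names are made up for this example, and it assumes one host list per rule.

```python
import re

# Constructed input: rules from the sample above with the leading '#' removed.
SAMPLE = r"""
Defaults syslog=auth
%wheel ALL = (ALL) ALL
FULLTIMERS ALL = NOPASSWD: ALL
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
jill SERVERS = /usr/bin/, !SU, !SHELLS
matt valkyrie = KILL
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
    /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
"""

# Alias and Defaults lines are not user specifications, so they are skipped.
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Join backslash-newline continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text):
    """Return (who, finding) pairs for rules that grant more than they seem to."""
    findings = []
    for line in logical_lines(text):
        if line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        who = (lhs.split() or ["?"])[0]
        nopasswd = "NOPASSWD:" in rhs
        # Drop the Runas list and tags, then split on commas that are not escaped.
        rhs = re.sub(r"\([^)]*\)|\b[A-Z]+:", " ", rhs)
        for cmd in (c.strip() for c in re.split(r"(?<!\\),", rhs)):
            if cmd == "ALL":
                findings.append((who, "any command, no password" if nopasswd else "any command"))
            elif cmd.startswith("!"):
                findings.append((who, "relies on '!' exclusion: " + cmd))
            elif cmd.endswith("/"):
                findings.append((who, "whole directory: " + cmd))
            elif re.search(r"\s.*[*?\[]", cmd):
                findings.append((who, "wildcard in arguments: " + cmd))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who:12} {finding}")
```

On a real system, visudo -c checks the file's syntax and sudo -l lists what the invoking user is allowed to run.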
 
Old 02-09-2004, 06:12 PM   #6
yenonn
Member
 
Registered: Feb 2003
Location: Malaysia
Distribution: Redhat 8.0, 9, Slackware 9.1
Posts: 511

Original Poster
Rep: Reputation: 30
So, how about the services? Should each service, such as squid, run under root? Or what??? How do I manage the services??
 
Old 02-10-2004, 03:09 AM   #7
gnashley
Amigo developer
 
Registered: Dec 2003
Location: Germany
Distribution: Slackware
Posts: 4,755

Rep: Reputation: 466
You can run pkgtool and choose setup, then services to manage some services. You can also see and manage services by running top or ps -x. top will show you all processes that are running and the resources they are using. ps -x will show you the process IDs of everything that is running. If you want to turn something off do:
kill pid ??? (number of process).
In order to tweak what is started during bootup you'll need to edit some scripts in the /etc/rc.d directory.
When the kernel finishes loading it runs init, which first processes /etc/inittab. init then begins to process the scripts under /etc/rc.d (according to the runlevel specified in /etc/inittab). If you want to understand how Linux runs, spend a few hours studying the scripts in /etc/rc.d. After doing so everything will make a lot more sense.
 
  

