Sudoers
Hi all,
I know how to edit a file when logged in as root, but I think for security reasons root should not have shell access. So do I need to give my user account permission to edit files, and if so, do I do this in etc/sudoers? Does this in etc/sudoers give josoap permission to edit files?
josoap ALL=(ALL) ALL
Thanks
Normally you use the command visudo to edit that file; it will lock the file and check for errors after installing.
The line you gave will allow the user to do everything in your system, not just edit files.
Quote:
Yes. ALL=(ALL) ALL gives you the same permissions as root (when using sudo).
You can also give those permissions to a group instead, and add any users to that, if you wish. Like this:
%admin ALL=(ALL) ALL
Hi there,
Quote:
A better way that I can think of is to set a strong password for the root user and add trusted people to sudoers with limited access.
Thanks to all for your helpful replies. I forgot to say I am talking about a Debian VPS. I think it is not good for sudoers to give all permissions to the user like this...
josoap ALL=(ALL) ALL
...but I can instead give permissions for just particular commands such as apt-get. So instead of saying 'give all permissions to josoap' can I say in sudoers 'give josoap permissions to use apt-get and to edit files'? If so can anyone please tell me the correct syntax? Thank you :)
Here is the link that will help you out: http://www.cyberciti.biz/tips/allow-...s-as-root.html
Here is another: http://www.sudo.ws/sudo/man/1.8.2/sudoers.man.html
Quote:
josoap ALL=/bin/kill, /usr/apt-get, /var/vi
...to mean that josoap can run the kill command from the bin directory, the apt-get command from the usr directory and can edit any file in the var directory (or at least any file that is editable by root). Thank you :)
Quote:
This line:
josoap ALL=/bin/kill, /usr/bin/apt-get, /usr/bin/vi
will let you run those commands with root credentials, effectively letting you edit any file you open with vi.
Code:
josoap ALL=/bin/kill, /usr/apt-get, /var/vi
Code:
josoap ALL=/bin/kill, /usr/bin/apt-get, /usr/bin/vi
Code:
josoap ALL=NOPASSWD: /bin/kill, /usr/bin/apt-get, /usr/bin/vi
OK awesome, thank you :)
Quote:
Thanks :)
Quote:
As far as remote goes, I believe remote root is disabled by default.
Quote:
Code:
vi /etc/ssh/sshd_config
If you want to access the server via ssh then access it using your username and then su - root. You should take care of one thing: never log in to the GUI using the root account. If you are connecting to your server using ssh the best practice would be to log in using your user account and then su - root.
Quote:
Code:
josoap ALL=/bin/kill, /usr/bin/apt-get, /usr/bin/vi, /usr/bin/pico
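An added example, not part of the thread: a small Python audit of the sudoers rules posted above, flagging blanket ALL grants, command paths that do not exist (such as /usr/apt-get and /var/vi), NOPASSWD, and editors run as root. The `audit_rule` name, the `exists` parameter and the issue labels are assumptions of this example, and it handles only simple one-line user rules.

```python
import os
import re

# Editors named in the thread; run as root they can open and write any file.
EDITORS = {"vi", "pico"}
# user host = (runas) command-list; only this simple rule shape is handled.
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^((?:[A-Z_]+:\s*)*)(.*)$")


def audit_rule(line, exists=os.path.isfile):
    """Return (command, issue) findings for one sudoers user rule."""
    m = RULE.match(line.strip())
    if not m:
        return [(line.strip(), "unparsed")]
    findings, nopasswd = [], False
    for spec in m.group(3).split(","):  # assumes no escaped commas in arguments
        tags, rest = TAGS.match(spec.strip()).groups()
        for tag in re.findall(r"[A-Z_]+", tags):
            # A tag also applies to the commands that follow it in the list.
            if tag in ("NOPASSWD", "PASSWD"):
                nopasswd = tag == "NOPASSWD"
        if not rest:
            continue
        cmd = rest.split()[0]
        if nopasswd:
            findings.append((cmd, "nopasswd"))
        if cmd == "ALL":
            findings.append((cmd, "all-commands"))
        elif not cmd.startswith("/") or not exists(cmd):
            findings.append((cmd, "bad-path"))  # aliases are not resolved here
        elif os.path.basename(cmd) in EDITORS:
            findings.append((cmd, "root-editor"))
    return findings


# Rules copied from the thread, audited against the local filesystem.
THREAD_RULES = [
    "josoap ALL=(ALL) ALL",
    "josoap ALL=/bin/kill, /usr/apt-get, /var/vi",
    "josoap ALL=NOPASSWD: /bin/kill, /usr/bin/apt-get, /usr/bin/vi",
    "josoap ALL=/bin/kill, /usr/bin/apt-get, /usr/bin/vi, /usr/bin/pico",
]

if __name__ == "__main__":
    for rule in THREAD_RULES:
        print(rule, "->", audit_rule(rule))
```

Run it on the machine whose sudoers file is being edited so the path check reflects that system; visudo remains the tool for checking syntax.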
Quote:
Thanks :)
Quote:
Quote:
Local Access: When you access a machine from within the network it is considered as local access. It doesn't matter even if you VPN. When you VPN you are in the local network so that is local access. I am defining local access in terms of network, not in terms of geography.
Remote Access: When you access a machine from outside your network it is considered as remote access. This is my understanding of local and remote access.
In security terms, specifically sshd_config, remote means anyone using an ssh client on another machine.
Strictly speaking, 'local' means you are already logged into the machine and just want to change users via su or sudo. IOW, local vs remote is defined relative to the machine itself, not the network it's on, even if it is a 'LAN'.
Hi Chrism,
Yes, you are right. I was thinking in terms of network.