sudo configuration
 

Hi all.

I installed sudo but i have a problem with it.
When i'm on my usual account (normal user), if i write "sudo /usr/sbin/visudo" it asks me a password and then nothing happened. If i write "sudo reboot -n" nothing happend. What do i have to do to be able to execute task... by using "sudo command_name"

Thanks a lot

I tried to configure sudo in the past, but failed. I did what it said and it just never worked. I don't really see any benefit to using sudo over su, so I gave up.

yeah i know but in some case it's useful. It's the second time i try to configure it (previously on debian etch) but never suceeded. Does someone know how to do?

Thanks so much

Add your username to the wheel group in /etc/group file, example:

Then, uncomment the %wheel entry line in /etc/sudoers file (Note: you can fine tune which users are able to use what commands), example:

"Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments."
http://www.gratisoft.us/sudo/intro.html

if you just want this for some special commands you can edit the file /etc/sudoers as root into something like:

root ALL=(ALL) ALL
user darkstar=NOPASSWD:/usr/sbin/hddtemp

where user is your username and darkstar your hostname ...
in this example something like

user@darkstar:~$ sudo /usr/sbin/hddtemp /dev/hda

would be possible ...

add your user the predefined group in sudoers
default group is wheel

why use sudo over su
because then you can remove roots password and replace it with *
so noone can login to root
you can only sudo -i to login to root only from a user who has wheel group added, or any other group defined in sudoers

And how would that be more secure ? And, more importantly, what if you need root access at one point ? You'd have to use a user with root permissions ... kinda pointless.

bsdunix I did what you told me to do but nothing changed :(

This is not the actual use of sudo utility. This will be useful if more than one person administering a Linux/Unix machine. The /var/log/messages (Linux) or /var/adm/messages (Solaris) will have the log of the user executed the super user privileged command(s). So we can track the person who did something abnormally.

We can hide/remove the root account from the machine with the help of sudo, but this is not the actual intention. We can simply remove the root entry from /etc/passwd and give the 0 (uid) and 0 (gid) values for a normal user so that he will act as a root user.

For ex: musthafa:x:0:0:root users:/root:/bin/ksh

Use the sudo utility in server(s) which are administered by more than one person. Using the root account by more than one admin is not advisable and it is very difficult to track the changes done by those admins.

I would kindly copy you my /var/log/messages files
but i'm currently at work, and you can count how many times someone has tried to guess a root password on my server
and how many times they've tried to guess my user password

i guess it would be 500 to 0

so if root has no password, noone can log in directly to root, no mather what password they input
and u add a user named, i don't know stupiddog
and add the wheel group to it
now only you know the password to stupiddog and you can use sudo -i to gain root priviledge in other words log into root interactivly

and who would guess on a server with 100 users(i.e.)
that exactly stupiddog user has a group added in sudoers?