How To Configure SUDO


Sudoers (Super User Do) is a third-party tool with which a Unix administrator can give a
user access to run certain commands with root-equivalent privileges. Up to Solaris 10, the
sudo packages have to be installed and configured separately. In Solaris 11, the sudo
packages are built in. This article covers the sudo installation and configuration method
in detail.

/etc/sudoers is the configuration file for sudo. This file MUST be edited with the 'visudo' command as root.
Let us look at the sudoers specifications used to give a user the required permissions.
Specification: User_Alias
Description: Group of users, separated by commas
Example: User_Alias ORAADM = raj, dileep, linges

Specification: Cmnd_Alias
Description: Group of commands, separated by commas
Example: Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice

Specification: User_Privilege
Description: Allow User_Alias to execute Cmnd_Alias
Example: ORAADM ALL = PROCESSES (or) ORAADM ALL = NOPASSWD: PROCESSES

You can download the sudo package for your OS version from the link below.
http://www.sudo.ws/sudo/download.html

Once the download is complete, follow the steps below to install sudo.
bash-3.00# uname -a
SunOS unixrock 5.10 Generic_142910-17 i86pc i386 i86pc
bash-3.00# pkgadd -d /var/tmp/TCMsudo-1.8.7-i386.pkg.gz

The following packages are available:
1 TCMsudo sudo 1.8.7
(i386) 1.8.7

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance from
## Installing package in global zone

sudo 1.8.7(i386) 1.8.7
(c) 1993-1996,1998-2013 Todd C. Miller
## Booting non-running zone into administrative state
## Processing package information.
## Processing system information.
51 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

The following files are being installed with setuid and/or setgid
permissions:
/usr/local/bin/sudo

Do you want to install these as setuid/setgid files [y,n,?,q] y
This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of [y,n,?] y

Installing sudo 1.8.7 as

## Installing part 1 of 1.
[ verifying class ]
## Executing postinstall script.
/etc/sudoers.dist
/usr/local/bin/sudo
/usr/local/bin/sudoedit
/usr/local/bin/sudoreplay
/usr/local/include/sudo_plugin.h
/usr/local/libexec/sudo/group_file.so
/usr/local/libexec/sudo/sudo_noexec.so
/usr/local/libexec/sudo/sudoers.so
/usr/local/libexec/sudo/system_group.so
/usr/local/man/man1m/sudo.1m
/usr/local/man/man1m/sudo_plugin.1m
/usr/local/man/man1m/sudoedit.1m
/usr/local/man/man1m/sudoreplay.1m
/usr/local/man/man1m/visudo.1m
/usr/local/man/man4/sudo.conf.4
/usr/local/man/man4/sudoers.4
/usr/local/sbin/visudo
Installation of was successful.
bash-3.00#
After the installation, the sudoers file is in the following location:
bash-3.00# ls -ltr /etc/sudoers
-r--r----- 1 root root 2919 Jul 12 22:53 /etc/sudoers
bash-3.00#
NOTE: Most of the time you can find the sudoers file in "/usr/local/etc".

Now we are ready to configure sudoers with the "visudo" command. The example below works from
the following requirements. The users are linges, dillep, suneel and oraadm. The listed users are
requesting to execute the useradd, userdel and usermod commands. suneel should only execute the
userdel command.
## User alias specification
User_Alias ADMIN_USER = linges, dillep, oraadm

## Cmnd alias specification
Cmnd_Alias ADMIN_CMD = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod

## User privilege specification
ADMIN_USER ALL=NOPASSWD: ADMIN_CMD
suneel ALL=NOPASSWD: /usr/sbin/userdel
With the command below we can check each user's sudo permissions.
bash-3.00# /usr/local/bin/sudo -l -U oraadm
User oraadm may run the following commands on this host:
(root) NOPASSWD: /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
bash-3.00#
bash-3.00# /usr/local/bin/sudo -l -U suneel
User suneel may run the following commands on this host:
(root) NOPASSWD: /usr/sbin/userdel
bash-3.00#
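An added example (not part of the original article): a small Python check that expands the User_Alias and Cmnd_Alias entries above into per-user grants, as "sudo -l -U" reports them, and flags NOPASSWD commands listed without arguments, since sudo then accepts any arguments for them. It handles only the sudoers subset used in this article (host field ignored, no Runas lists or includes); the function names are illustrative.

```python
import re

# Constructed sample: the sudoers entries from this article's example.
SUDOERS = """\
User_Alias ADMIN_USER = linges, dillep, oraadm
Cmnd_Alias ADMIN_CMD = /usr/sbin/useradd, /usr/sbin/userdel, \\
                       /usr/sbin/usermod
ADMIN_USER ALL=NOPASSWD: ADMIN_CMD
suneel ALL=NOPASSWD: /usr/sbin/userdel
"""

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def effective_grants(sudoers_text):
    """Return {user: [(command, nopasswd, unrestricted_args), ...]}."""
    # Join backslash-continued lines, then drop comments, blanks and Defaults.
    text = re.sub(r"\\\n\s*", " ", sudoers_text)
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith(("#", "Defaults"))]
    aliases = {"User_Alias": {}, "Cmnd_Alias": {}}
    rules = []
    for line in lines:  # first pass: collect alias definitions
        m = re.match(r"(User_Alias|Cmnd_Alias)\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)][m.group(2)] = split_list(m.group(3))
        else:
            rules.append(line)
    grants = {}
    for rule in rules:  # second pass: expand "who host = [NOPASSWD:] cmds"
        m = re.match(r"(\S+)\s+(\S+?)\s*=\s*(NOPASSWD:)?\s*(.+)", rule)
        if not m:
            continue
        who, _host, tag, cmds = m.groups()
        users = aliases["User_Alias"].get(who, [who])
        for item in split_list(cmds):
            for cmd in aliases["Cmnd_Alias"].get(item, [item]):
                # A bare path (no arguments listed) permits any arguments.
                unrestricted = " " not in cmd
                for user in users:
                    grants.setdefault(user, []).append((cmd, bool(tag), unrestricted))
    return grants

def risky(grants):
    """Users holding a NOPASSWD grant whose arguments are unrestricted."""
    return sorted(u for u, g in grants.items() if any(n and a for _, n, a in g))

if __name__ == "__main__":
    for user, items in sorted(effective_grants(SUDOERS).items()):
        print(user, items)
    print("review:", risky(effective_grants(SUDOERS)))
```

Every user in this configuration is flagged, because each grant is NOPASSWD and lists only a command path.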
Let us try to execute the privileged commands.
bash-3.00# su - oraadm
Oracle Corporation SunOS 5.10 Generic Patch January 2005
$ id
uid=103(oraadm) gid=1(other)
$ useradd
useradd: not found
$ /usr/sbin/useradd raj
UX: /usr/sbin/useradd: ERROR: Permission denied.
$
As a normal user, oraadm is not able to run the useradd command here. Let us try it with sudo.
$ id -a
uid=103(oraadm) gid=1(other) groups=1(other)
$
$ /usr/local/bin/sudo -l
User oraadm may run the following commands on this host:
(root) NOPASSWD: /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod
$
$ /usr/local/bin/sudo /usr/sbin/useradd raj
$
$ tail -2 /etc/passwd
oraadm:x:103:1::/export/home/oraadm:/bin/sh
raj:x:104:1::/home/raj:/bin/sh
$
Yes, now we are able to execute the admin (root) command with sudo without any trouble.
