01-25-2013
When sudo asks you for a password, it generally asks you for your own password, not somebody else's. Sudo uses it's configuration file to decide who's permitted to do what, and the users only need to prove they are themselves (not some random guy who saw an open terminal and sat down at your computer).
10 More Discussions You Might Find Interesting
1. AIX
I want give a user "sar" permission, so I modify the sudoers file: unix1 is the group for users can use sar command
Cmnd_Alias RUN_SAR = /usr/sbin/sar
User_Alias UNIX1_USERS = %unix1
UNIX1_USERS ALL = NOPASSWD:RUN_SAR
However, when I run sar command, it shows:
$ sar 1 4
sar: The... (1 Reply)
Discussion started by: rainbow_bean
1 Replies
2. UNIX for Advanced & Expert Users
Hello,
I am logging to a server using username 'test'. I want to execute some commands as user test2.
When I am trying to run `sudo su - test2 -c 'ls'` it gives error user 'test' is not allowed to run sudo in host. But when I login into the account 'test2' using sudo su - test2 all these... (6 Replies)
Discussion started by: karayan
6 Replies
3. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
4. Ubuntu
I'm fairly new to unix and I was trying to change the name of my host and my user. I changed the name in /hostname using this: gksudo gedit /etc/hostname I then tried changing the name back but it still gave the same error: {env_reset,... (1 Reply)
Discussion started by: H3jck
1 Replies
5. UNIX for Dummies Questions & Answers
Hi,
I am using ubuntu 12.04 and every time I installed new program or do:
sudo apt-get install -f
I get the following mesage:
Download done.
sha256sum mismatch jdk-7u3-linux-x64.tar.gz
Oracle JDK 7 is NOT installed.
dpkg: error processing oracle-java7-installer (--configure):
subprocess... (2 Replies)
Discussion started by: programAngel
2 Replies
6. UNIX for Advanced & Expert Users
Hi
I am trying to automate the deployment of a tar ball onto a set of remote servers and am getting this error from the ssh -
sudo: no tty present and no askpass program specified
What I have done is add some code into the user's ssh key that does a few things like delete the existing... (2 Replies)
Discussion started by: steadyonabix
2 Replies
7. Emergency UNIX and Linux Support
Im Using Centos Version
$ cat /etc/redhat-release
CentOS release 6.4 (Final)
I'm Using Sudo Version
$ sudo -V
Sudo version 1.8.6p3
Sudoers policy plugin version 1.8.6p3
Sudoers file grammar version 42
Sudoers I/O plugin version 1.8.6p3
tried to setup notification mail for sudo,... (2 Replies)
Discussion started by: babinlonston
2 Replies
8. Solaris
I cannot solve the following error bellow.
Can someone help me on this please?
Mar 31 07:08:45 serverx sudo: fork
Mar 31 07:18:50 serverx sudo: fork
Mar 31 07:28:45 serverx sudo: fork
Mar 31 07:38:47 serverx sudo: fork
Mar 31 07:48:45 serverx sudo: fork
Mar 31 07:58:45 serverx... (1 Reply)
Discussion started by: pangarano
1 Replies
9. Shell Programming and Scripting
Team ,
I am trying to sudo to instnace using a shell script .In out put i am getting this error for every line ...I am running this script as root ..
sudo su - userid -i db2 "command "
Error
/etc/profile: shopt: not found
how can we overcome this error ? Can someone help on... (1 Reply)
Discussion started by: rocking77
1 Replies
10. AIX
Hello,
I tried installing sudo on a lab AIX server. It has been successfully installed. but i still see the below errors.
/>sudo -V
Sudo version 1.8.27
Configure options: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --libdir=/opt/freeware/lib --mandir=/opt/freeware/man... (8 Replies)
Discussion started by: System Admin 77
8 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)