01-27-2020
The privilege you have permits you to become the superuser, but not to directly run anything from your account but as the superuser.
If you can become the superuser, then I presume you are the system administrator (or part of the team) so you should know how to write yourself the appropriate sudo rule. Can you show us what you have tried?
- - CAUTION - -
If you break the
sudo rules, then it is possible to lock yourself out, i.e. if they are invalid then you may not be able to even
sudo su - like you can at the moment.
Make sure you have several superuser session already connected before you do this, and better to use the
visudo tool too. It protects you somewhat, but it's probably not infallible.
Take copies of any files before you changes them and make sure you have a way and privilege to put them back if you need to. Save the permissions, else
sudo may still refuse to run.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi
I have installed solaris 10 on an intel machine. Logged in as root. In CDE, i open terminal session, type login alex (normal user account) and password and i get this message
No utpmx entry: you must exec "login" from lowest level "shell" :confused:
What i want is: open various... (0 Replies)
Discussion started by: peterpan
0 Replies
2. Solaris
I'm running sendmail (8.13.8+Sun/8.13.8/Submit) solaris 10.
When I send mail to root at the command line (whether I use a full-qualified address or just root), I get the error message
root... User address required.
Sending mail to root (either at the command line or in a cron job),... (10 Replies)
Discussion started by: csgonan
10 Replies
3. Red Hat
Friends ,
i want to run my smtp service as a root .
let me know what r the changes i have to made to my machine .
AVklinux (1 Reply)
Discussion started by: avklinux
1 Replies
4. UNIX for Dummies Questions & Answers
hi,
I've read different posts regarding crontab but none helped out...the shell scrip that I want to run through crontab gets run through crontab when I use the following crontab statement:
13 17 * * * /usr/net/gcc/DBdrop.sh > /usr/net/gcc/DBdrop.log 2>&1
but it does not run when I scheduel... (2 Replies)
Discussion started by: linux0004
2 Replies
5. UNIX for Dummies Questions & Answers
HI All,
I am using solaris
i created a user adam and updated his permissions
in vi sudoers file as follows
adam ALL=(ALL) NOPASSWORD: ALL
...........
when i create user by logging as sudo user .
$ sudo useradd -d /home/kalyan -m -s /bin/sh kalyan
sudo: not found
... (6 Replies)
Discussion started by: kalyankalyan
6 Replies
6. Shell Programming and Scripting
Hi,
I have line in input file as below:
3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL
My expected output for line in the file must be :
"1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL"
Can someone... (7 Replies)
Discussion started by: shis100
7 Replies
7. Shell Programming and Scripting
copying daily changes from serverA to serverB using rsync(solaris8, v2.6.2) at root folder level.
serverA: cd /
rsync -a -vv --delete --checksum --sparse --stats --dry-run --exclude /tmp/ --exclude /proc/ --exclude /devices/ . root@<IP of ServerB>:/
This is generating mainly three debug... (0 Replies)
Discussion started by: kchinnam
0 Replies
8. AIX
Our AIX servers send e-mails which have the "from" address set to "root@company.com" for our root user ("C{M}company.com" in /etc/sendmail.cf). The problem is that when bad e-mails are sent out or rejected by remote servers, they are being returned and delivered to e-mail box of "Mary Root".
... (2 Replies)
Discussion started by: kah00na
2 Replies
9. UNIX for Dummies Questions & Answers
How to use "mailx" command to do e-mail reading the input file containing email address, where column 1 has name and column 2 containing “To” e-mail address
and column 3 contains “cc” e-mail address to include with same email.
Sample input file, email.txt
Below is an sample code where... (2 Replies)
Discussion started by: asjaiswal
2 Replies
10. Shell Programming and Scripting
Hi,
There are 2 users (T886072 & T864764) that need to be provided full (rwx) access to a directory. I made the changes to the directory permissions using chmod and setfacl :
root@digidb2:# chmod 700 /u02/ftpfiles/MFRS16/discount_rates/
root@digidb2:# setfacl -s... (3 Replies)
Discussion started by: anaigini45
3 Replies
LEARN ABOUT LINUX
sudo_root
sudo_root(8) System Manager's Manual sudo_root(8)
NAME
sudo_root - How to run administrative commands
SYNOPSIS
sudo command
sudo -i
INTRODUCTION
By default, the password for the user "root" (the system administrator) is locked. This means you cannot login as root or use su. Instead,
the installer will set up sudo to allow the user that is created during install to run all administrative commands.
This means that in the terminal you can use sudo for commands that require root privileges. All programs in the menu will use a graphical
sudo to prompt for a password. When sudo asks for a password, it needs your password, this means that a root password is not needed.
To run a command which requires root privileges in a terminal, simply prepend sudo in front of it. To get an interactive root shell, use
sudo -i.
ALLOWING OTHER USERS TO RUN SUDO
By default, only the user who installed the system is permitted to run sudo. To add more administrators, i. e. users who can run sudo, you
have to add these users to the group 'admin' by doing one of the following steps:
* In a shell, do
sudo adduser username admin
* Use the graphical "Users & Groups" program in the "System settings" menu to add the new user to the admin group.
BENEFITS OF USING SUDO
The benefits of leaving root disabled by default include the following:
* Users do not have to remember an extra password, which they are likely to forget.
* The installer is able to ask fewer questions.
* It avoids the "I can do anything" interactive login by default - you will be prompted for a password before major changes can happen,
which should make you think about the consequences of what you are doing.
* Sudo adds a log entry of the command(s) run (in /var/log/auth.log).
* Every attacker trying to brute-force their way into your box will know it has an account named root and will try that first. What they do
not know is what the usernames of your other users are.
* Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from the admin group, while not
compromising the root account.
* sudo can be set up with a much more fine-grained security policy.
* On systems with more than one administrator using sudo avoids sharing a password amongst them.
DOWNSIDES OF USING SUDO
Although for desktops the benefits of using sudo are great, there are possible issues which need to be noted:
* Redirecting the output of commands run with sudo can be confusing at first. For instance consider
sudo ls > /root/somefile
will not work since it is the shell that tries to write to that file. You can use
ls | sudo tee /root/somefile
to get the behaviour you want.
* In a lot of office environments the ONLY local user on a system is root. All other users are imported using NSS techniques such as
nss-ldap. To setup a workstation, or fix it, in the case of a network failure where nss-ldap is broken, root is required. This tends to
leave the system unusable. An extra local user, or an enabled root password is needed here.
GOING BACK TO A TRADITIONAL ROOT ACCOUNT
This is not recommended!
To enable the root account (i.e. set a password) use:
sudo passwd root
Afterwards, edit the sudo configuration with sudo visudo and comment out the line
%admin ALL=(ALL) ALL
to disable sudo access to members of the admin group.
SEE ALSO
sudo(8), https://wiki.ubuntu.com/RootSudo
February 8, 2006 sudo_root(8)