Last modified: 16-06-2020
Sudo is a very neat tool that lets users run commands under a different UID, without requiring SUID for those executables. In addition, a given user can be restricted to certain commands, run under a certain UID, and for a limited period of time before being prompted again for their login password. All errors are logged.
Here's a sample:
# cat /etc/sudoers
# Host alias specification
Host_Alias ACME=linux.acme.com, fred.acme.com
# User alias specification
User_Alias ADMIN=root, ffaure
# Cmnd alias specification
Cmnd_Alias EDITOR=/bin/vi
Cmnd_Alias SCRIPT=/root/list.sh
# FF/Run as alias
Runas_Alias RUNASROOT=root
# User privilege specification
root ALL=(ALL) ALL
ffaure ACME=(RUNASROOT) EDITOR,(RUNASROOT) SCRIPT

Here, I can log in as ffaure, run sudo /bin/vi, and any file that I create will be owned by root:root!
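
An added example, not part of the original page: a small Python check that parses the subset of sudoers grammar used in the sample above, expands its aliases, and flags rules that let a non-root user run an interactive program such as /bin/vi as root without the NOEXEC tag, since such a program can start other commands with the same privileges. The INTERACTIVE list and the function names are assumptions of this example.

```python
import re

# Constructed input: the sudoers sample from this page, embedded to run offline.
SUDOERS = """\
Host_Alias ACME=linux.acme.com, fred.acme.com
User_Alias ADMIN=root, ffaure
Cmnd_Alias EDITOR=/bin/vi
Cmnd_Alias SCRIPT=/root/list.sh
Runas_Alias RUNASROOT=root
root ALL=(ALL) ALL
ffaure ACME=(RUNASROOT) EDITOR,(RUNASROOT) SCRIPT
"""
# Assumption: a short, non-exhaustive list of interactive editors and pagers.
INTERACTIVE = {"vi", "vim", "view", "nano", "emacs", "less", "more"}
ALIAS_RE = re.compile(r"^(?:Host|User|Cmnd|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(.+)$")

def parse(text):
    """Return rules as (user, host, runas, tags, command), aliases expanded."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (subset grammar)
        if m := ALIAS_RE.match(line):
            aliases[m.group(1)] = [v.strip() for v in m.group(2).split(",")]
        elif m := SPEC_RE.match(line):
            user, host, cmnds = m.groups()
            runas = "root"  # sudoers default when no Runas_Spec is given
            # Split on commas that are not inside a "(runas, list)".
            for spec in re.split(r",(?![^(]*\))", cmnds):
                if r := re.match(r"^\s*\(([^)]*)\)\s*(.*)$", spec):
                    runas, spec = r.group(1), r.group(2)  # sticks for later cmds
                t = re.match(r"^\s*((?:[A-Z_]+:\s*)*)(.*)$", spec)
                tags, cmd = re.findall(r"[A-Z_]+", t.group(1)), t.group(2).strip()
                for ra in runas.split(","):
                    for target in aliases.get(ra.strip(), [ra.strip()]):
                        for c in aliases.get(cmd, [cmd]):
                            rules.append((user, host, target, tags, c))
    return rules

def risky(rules):
    """Non-root users allowed an interactive program as root without NOEXEC."""
    return [(user, cmd) for user, _h, runas, tags, cmd in rules
            if user != "root" and runas in ("root", "ALL")
            and (cmd.split() or [""])[0].rsplit("/", 1)[-1] in INTERACTIVE
            and "NOEXEC" not in tags]

if __name__ == "__main__":
    for user, cmd in risky(parse(SUDOERS)):
        print(f"{user}: {cmd} as root; prefer sudoedit or the NOEXEC tag")
```

Tags are read per command here rather than inherited along the list as sudo does, so the check errs toward reporting a rule rather than missing it.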