Monday, September 7, 2009

Config sudo in Fedora11

Configuring SUDO

by Richard June last modified Jan 30, 2008 03:46 AM
Contributors: Scott Glaser AKA Sonar_Guy

It is a known fact that operating a computer as administrator (or root in Linux) is very bad. This How-To covers how to configure and use sudo to run commands as root, allowing you to do what you need to do while still behaving like a moderately responsible person. There are two parts: part one is configuring sudo to allow users in the group "wheel" to run commands as root. Part two is adding users to the "wheel" group. Allowing users to run commands as root without first requiring a password is a potentially dangerous thing. Extra care should be taken if you choose to let sudo run without a password.

Requirements

The person performing this How-To must have root access to the machine on which this is being performed.

Doing the work

Configuring SUDO

  1. Open a terminal.
  2. In the terminal enter the following:
    su --login -c 'visudo'
  3. Press Enter. At the password prompt, enter the password for root, then press Enter.
  4. The editor opens a file similar to the following:
    # sudoers file.
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # See the sudoers man page for the details on how to write a sudoers file.
    #
    # Host alias specification
    # User alias specification
    # Cmnd alias specification
    # Defaults specification
    # Runas alias specification
    # User privilege specification
    root ALL=(ALL) ALL
    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL
    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users localhost=/sbin/shutdown -h now
  5. Below the line root ALL=(ALL) ALL add the user that you want to have root access as shown below:
    sglaser    ALL=(ALL) ALL
  6. If you *want* sudo to prompt for a password, use the arrow keys to go down to the line that reads "# %wheel ALL=(ALL) ALL" and delete the # at the beginning of the line using the 'x' key (NOTE: it's your own password, not root's).
  7. If you do *NOT* want sudo to prompt for a password, use the arrow keys to go down to the line that reads "# %wheel ALL=(ALL) NOPASSWD: ALL" and delete the # at the beginning of the line using the 'x' key.
    Once you have uncommented one of the lines, press "ESC", then enter the following to save the changes:
     :wq
  8. OPTIONAL: If you want to be able to use sudo without having to type the full path to root's commands every time (e.g.: /sbin/fdisk), on a per-user basis rather than as a system-wide default, add root's command directories to your user's PATH variable in ~/.bash_profile. Change it to:
    PATH=$PATH:/usr/sbin:/sbin:$HOME/bin

Adding Users to the Wheel Group from the command-line

  1. To add users to the Wheel Group from the command line perform the following:
    su -c 'gpasswd -a username wheel'
    At the password prompt enter the password for the root user, then press enter.

Adding Users to the Wheel Group from the GUI

  1. From the Menubar select "System->Administration->Users and Groups".
  2. When the password dialog window opens, type in the root password and click "Ok".
  3. In the User Manager window, double click on the user you want to add to the wheel group.
  4. In the User Properties window, select the "Groups" tab.
  5. In the groups tab of the User Properties window, scroll down and locate wheel, then check the box for wheel.
  6. Select "Ok".
  7. Then in the User Manager window, select "File->Quit".
  8. Log out of your current session, then log back in for the changes to take effect.

Troubleshooting

How to test

  1. Open a terminal.
  2. Then enter the following:
    sudo whoami
  3. Then press "Enter".
  4. Depending on the configuration you selected, you may or may not have to enter your password (NOTE: If you do have to enter a password it will be your user password, not root's).
  5. If everything is working properly the command should simply return the word "root".
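
"sudo whoami" confirms that sudo works, but not which rules are active or whether the NOPASSWD line from step 7 ended up uncommented. The following script is an added example, not part of the original how-to; it lists the active rules in a sudoers file and reports the wheel setting. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original how-to): list the active rules in a
# sudoers file and show whether each one skips the password prompt.
# Simplification: backslash-continued lines and included files are not followed.

# audit_sudoers FILE -> one line per active rule: "<password|NOPASSWD> <rule>"
audit_sudoers() {
    awk '
        /^[ \t]*#/ { next }    # comments, including commented-out rules
        /^[ \t]*$/ { next }    # blank lines
        /^[ \t]*(Defaults|Host_Alias|User_Alias|Cmnd_Alias|Runas_Alias)/ { next }
        {
            mode = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "password"
            print mode, $0
        }
    ' "$1"
}

# wheel_mode FILE -> "password", "NOPASSWD" or "disabled".
# sudo applies the last matching rule, so the last %wheel line decides.
wheel_mode() {
    audit_sudoers "$1" |
        awk '$2 == "%wheel" { m = $1 } END { print (m == "" ? "disabled" : m) }'
}

# Constructed sample: the file from step 4 after steps 5 and 7 were applied.
make_sample() {
    cat > "$1" <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
sglaser    ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_sudoers "$sample"
echo "wheel group: $(wheel_mode "$sample")"
rm -f "$sample"
```

To check a real system, pass a root-readable copy of /etc/sudoers to audit_sudoers. visudo -c checks the syntax of the file but does not report which rules are active.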
