Sudo stands for either "substitute user do" or "super user do" (depending upon how you want to look at it). What sudo does is incredibly important and crucial to many Linux distributions. Effectively, sudo allows a user to run a program as another user (most often the root user). There are many that think sudo is the best way to achieve "best practice security" on Linux Users can login using their username and password and can issue administrative commands placing sudo in front of the commands,
e.g. sudo rpm -Uvh *.rpm , to run the command which installs and updates programs in Linux (rpm)
How to give different sudo permissions to normal users?
Open the /etc/sudoers file by executing
#visudo command and go to line no. 98 and type as
<User name>
<Machine>=
<Command>
root ALL=(ALL) ALL
raju All= ALL
----Save and exit this file.
Note :
When we trying to save this file if any syntax errors in this file, those errors are displayed with line no's and What you do ? (will be displayed, here press 'e' to edit this file and modify those errors or mistakes and save this file.
# su - raju
(to switch to raju user)
# sudo useradd <useradd>
(The normal user raju can also add the users to the system)
* We can assign sudo permissions to 'n' no. of users by specifying names separated by commas ( , ) or line by line.
* Instead of giving all permissions to normal user we can give only some commands.
Example : student ALL=/usr/sbin/useradd, /usr/sbin/usermod
raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for that users.
vim /etc/sudoers file by executing the command
# visudo and type as follows.
* We can also create one command alias and add some commands to that alias and mention that
alias to users as follows.
Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig
raju ALL=NETWORKING
In which location the sudo user commands history is logged?
All the sudo users commands history is logged in /var/log/secure file to make a record of sudo usercommands.
# cat /var/log/secure
(to see the contents of this file)
# tailf /var/log/secure (to see the updates of this file continuously and press ctrl + c to quit the
tailf)
How to assign the password to normal user by him whenever first login to the system?
Whenever the user is created and that user is trying to login to the system, it will ask the password. If the root user is not assign the password to that user, then that normal user can assign the password by his own using the following commands.# useradd <user name> (to create the user)
# passwd -S <user name> (to see the status of the password of that user. if root user is not assigned the password then the password status is locked)
# passwd -d <user name> (then delete the password for that user)
# chage -d 0 <user name> (it will change the password age policy)
# su - <user name> (Try to switch to that user then it will display the following
message)
Newpassword :
(type new password for that user)
Retype password :
(retype the password again)
# w (this command gives the login user information like how many users currently login and full information )
# who (to see users who are currently login and on which terminal they login)
# last (see the list of users who are login and logout since the /var/log/wtmp file was created)
# lastb (to see the list of the users who tried as bad logins)
# lastreboot (to see all reboots since the log file was created)
# uptime (to see the information from how long the system is running, how many users login and load average)
* The load average is from 1 sec : 5 secs : 15 secs
# df (to see the mounted partitions, their mount points and amount of disk space)
# du (to see the disk usage of the each file in bytes)
# uname -r (gives the current kernel version)
# last -x (It shows last shutdown date and time)
# last -x grep shutdown (only shutdown time shows ie., grep will filter the 'last -x' command)
* grep: It is used to search a word or sentence in file (ie., inside the file)
* find : It is used to search a command or file inside the system)
# cat /etc/shells or
/bin/sh -----> default shell for Unix /bin/bash -----> default shell for Linux
/sbin/nologin -----> users cannot login shell /bin/tcsh
-----> c shell to write 'C++' language programs
/bin/csh -----> c shell to write 'C' language programs
# echo $SHELL
(to see the current shell)
# chsh <user name>
(to change the user's shell)
Changing shell for <user name> :
New shell : <type new shell for example /bin/sh to change the current shell>
New shell changed
(But it will effect by restarting the server)
# date + %R
(to display the time only)
# date + %x
(to display the date only)
# history
(to see the history of the commands)
#history -c
(to clear the history)
# history -r (to recover the history)
* .bash_history is the hidden file to store the history of the user commands. By default history size is
1000.
# echo $HISTSIZE
(to check the current history size)
No comments:
Post a Comment