
sudo Command Tips and Tricks


Using the sudo command, a user can execute root-only commands.
In this article, let us review how to setup sudo environment along with some sudo command examples, tips, and tricks.

1. Set up sudo Environment in /etc/sudoers

You can provide sudo privilege to an individual user or a group by modifying /etc/sudoers.

sudo access to a user

To provide sudo access to an individual user, add the following line to the /etc/sudoers file.
sathiya    ALL=(ALL) ALL
In the above example:
  • sathiya : name of user to be allowed to use sudo
  • ALL : Allow sudo access from any terminal (any machine).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.

sudo access to a group

To provide sudo access to a group, add the following line to the /etc/sudoers file.
%programmers    ALL=(ALL) ALL
In the above example:
  • programmers : name of group to be allowed to use sudo. The group name must be preceded by a percent sign (%).
  • ALL : Allow sudo access from any terminal (any machine).
  • (ALL) : Allow sudo command to be executed as any user.
  • ALL : Allow all commands to be executed.
Note: Ubuntu users are already familiar with the sudo command, as you use sudo apt-get install to install any package. On Ubuntu, sudo is already set up for your username as shown below, i.e. all users who belong to the admin group have access to execute root commands using sudo.
$ sudo cat /etc/sudoers
%admin ALL=(ALL) ALL

$ grep admin /etc/group
admin:x:115:sathiya
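
The entries above all use the unrestricted ALL=(ALL) ALL form, which is the first thing to look for when reviewing who holds root on a host. The following is an added example, not part of the original article: a simplified sudoers reader that lists every user or group granted all commands. The function names, the backup and deploy entries and the NOPASSWD: line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report every sudoers entry
# whose command list is exactly ALL, i.e. the "ALL=(ALL) ALL" form shown above.
# Simplified parser: no line continuations, aliases or include files.

audit_sudoers() {   # reads sudoers-format text on stdin
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ || $1 ~ /^@include/ { next }
    {
        who = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)        # drop the user/group field
        eq = index(rest, "=")
        if (eq == 0) next
        host = substr(rest, 1, eq - 1); gsub(/[ \t]/, "", host)
        spec = substr(rest, eq + 1)
        runas = "root"                               # default when (runas) is absent
        if (match(spec, /^[ \t]*\([^)]*\)/)) {
            runas = substr(spec, RSTART, RLENGTH); gsub(/[ \t()]/, "", runas)
            spec = substr(spec, RSTART + RLENGTH)
        }
        auth = (spec ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
        gsub(/[A-Z_]+:/, "", spec)                   # strip tags such as NOPASSWD:
        sub(/^[ \t]+/, "", spec); sub(/[ \t]+$/, "", spec)
        if (spec != "ALL") next                      # report unrestricted grants only
        kind = (who ~ /^%/) ? "group" : "user"
        sub(/^%/, "", who)
        print kind, who, "host=" host, "runas=" runas, auth
    }'
}

sample_sudoers() {   # sathiya and %programmers are the article entries; the rest is constructed
    cat <<'EOF'
# /etc/sudoers
Defaults env_reset
sathiya    ALL=(ALL) ALL
%programmers    ALL=(ALL) ALL
backup     ALL=(root) /usr/bin/rsync
deploy     ALL=(root) NOPASSWD: ALL
EOF
}

sample_sudoers | audit_sudoers
```

On a live system, feed it the real file with sudo cat /etc/sudoers | audit_sudoers and treat each reported line as an account that is equivalent to root.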

2. Executing a command as super user

Once sudo access is provided to your account in /etc/sudoers, you can pass any root command as an argument to the sudo command. For example, mount can only be run by root, but a normal user can run it using sudo as shown below.
$ sudo mount /dev/sda3 /mnt
Note: If you are executing sudo for the first time in a shell, it will ask for the password (the current user’s password) by default.

3. Forgot to Use Sudo in Vim? No Worries. Save file Trick in vim with sudo

When you have used vim (without the sudo command) to open a file that can be saved only by the root user, you can do the following.
For example, if you want to edit the file /etc/group, which can only be saved by the root user, you typically do the following. When you do a :w, it will work without any problem, because the file was opened using the sudo command.
$ sudo vim /etc/group
:w
What if you forgot to use sudo when you opened the /etc/group file as shown below? In this case, instead of quitting the file (and losing all your changes) and executing the vim command again with sudo, you can do the following.
$ vim /etc/group

:w !sudo tee %
Note: “:w !sudo tee %” will save the file with root privilege, even if you didn’t use the sudo command to open it.

4. Forgot to give sudo for root command? Do it again using !!

If you forgot to use sudo for a command that requires root privilege, instead of typing the command again with sudo, you can simply do sudo !! as shown below.
$ head -n 4 /etc/sudoers
head: cannot open `/etc/sudoers' for reading: Permission denied

$ sudo !!
sudo head -n 4 /etc/sudoers
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#

5. Get Root Shell Access using Sudo

To get a root shell from your user account, do the following.
$ sudo bash
Once you get the root shell, you can execute any root command without having to enter sudo in front of it every time.

6. Built in commands won’t work with Sudo – Command not found

sudo invokes an executable as another user, so bash built-in commands won’t work. It will give a “command not found” error as shown below.
For example, umask is a bash built-in command, which will not work when used along with sudo as shown below.
$ sudo umask
sudo: umask: command not found
Work-around: To use a bash built-in command with sudo, first get a root shell by doing ‘sudo bash’, and then execute the built-in command.

7. View Unauthorized Sudo command executions from auth.log

When a user who doesn’t have sudo permission tries to execute a sudo command, they’ll get the following error message.
$ sudo ls /
[sudo] password for test:
raj is not in the sudoers file.  This incident will be reported.
Any time this happens, it is logged in the /var/log/auth.log file, so sysadmins can review unauthorized sudo attempts.
Sep 25 18:41:35 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/ls /
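
To review these entries in bulk rather than by eye, the log line above can be parsed into fields. The following is an added example, not part of the original article: it extracts denied sudo attempts from auth.log text and counts them per user. It goes beyond the single "user NOT in sudoers" case by also matching other denial messages sudo is assumed to log (incorrect password attempts, command not allowed, NOT authorized on a host); the function names and all sample lines except the first are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): pull denied sudo attempts
# out of syslog-style auth.log text read on stdin.

sudo_denials() {   # prints user|reason|tty|command for each denied attempt
    awk '
    / sudo(\[[0-9]+\])?:/ {
        msg = $0
        sub(/^.* sudo(\[[0-9]+\])?:[ \t]*/, "", msg)   # keep text after "sudo:"
        s = index(msg, " ; ")
        head = s ? substr(msg, 1, s - 1) : msg         # "raj : user NOT in sudoers"
        i = index(head, " : ")
        if (i == 0) next                               # PAM and other sudo lines
        user = substr(head, 1, i - 1)
        reason = substr(head, i + 3)
        # Denial messages; all but the first are assumed, not shown in the article.
        if (reason !~ /NOT in sudoers|NOT authorized on|command not allowed|incorrect password attempt/) next
        tty = "-"; cmd = "-"
        if (match(msg, /TTY=[^ ;]+/)) tty = substr(msg, RSTART + 4, RLENGTH - 4)
        c = index(msg, "COMMAND=")
        if (c) cmd = substr(msg, c + 8)                # command runs to end of line
        print user "|" reason "|" tty "|" cmd
    }'
}

sudo_denial_counts() {   # "count user", most denials first
    sudo_denials | awk -F'|' '{ n[$1]++ } END { for (u in n) print n[u], u }' | sort -rn
}

sample_auth_log() {   # first line is the article entry; the rest is constructed
    cat <<'EOF'
Sep 25 18:41:35 sathiya sudo:   raj : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/ls /
Sep 25 18:42:10 sathiya sudo:   sathiya : TTY=pts/1 ; PWD=/home/sathiya ; USER=root ; COMMAND=/bin/mount /dev/sda3 /mnt
Sep 25 18:43:02 sathiya sudo:   raj : 3 incorrect password attempts ; TTY=pts/4 ; PWD=/home/raj ; USER=root ; COMMAND=/bin/cat /etc/sudoers
Sep 25 18:44:17 sathiya sudo: pam_unix(sudo:session): session opened for user root by sathiya(uid=0)
Sep 25 18:45:40 sathiya sudo:   test : command not allowed ; TTY=pts/2 ; PWD=/home/test ; USER=root ; COMMAND=/bin/bash
EOF
}

sample_auth_log | sudo_denials
```

On a live host, run sudo_denials < /var/log/auth.log (reading the file usually requires elevated privileges) and use sudo_denial_counts to see which accounts generate repeated denials.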
