linux:sudo
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:sudo [2022/09/27 11:50] manu [sudo -i] |
linux:sudo [2025/02/25 13:27] (current) manu [sudo howto] |
||
|---|---|---|---|
| Line 20: | Line 20: | ||
| # sudo -u bin -g operator /bin/ls /whatever/directory | # sudo -u bin -g operator /bin/ls /whatever/directory | ||
| - | <cli> | + | <cli prompt='>'> |
| [root@aix001]/etc/sudoers.d> cat zabbix | [root@aix001]/etc/sudoers.d> cat zabbix | ||
| %AIXUSERS ALL=(root) NOPASSWD: /usr/bin/vi /etc/zabbix/* | %AIXUSERS ALL=(root) NOPASSWD: /usr/bin/vi /etc/zabbix/* | ||
| Line 32: | Line 32: | ||
| Zabbix agent started | Zabbix agent started | ||
| </cli> | </cli> | ||
| + | |||
| + | Change sudo default timeout (5 min): | ||
| + | <cli prompt='>'> | ||
| + | root@nimprod /root> sudo -V | grep -i time | ||
| + | Lecture user the first time they run sudo | ||
| + | Authentication timestamp timeout: 120.0 minutes | ||
| + | Password prompt timeout: 5.0 minutes | ||
| + | Path to authentication timestamp dir: /var/run/sudo/ts | ||
| + | Type of authentication timestamp record: tty | ||
| + | Sudo log server timeout in seconds: 30 | ||
| + | |||
| + | root@nimprod /root> grep -i time /etc/sudoers | ||
| + | Defaults timestamp_timeout=120 | ||
| + | </cli> | ||
| + | |||
| + | ====== "sudo -i" VS "sudo su" ===== | ||
| + | |||
| + | ==== sudo su ==== | ||
| + | |||
| + | This command asks for the current user’s password rather than root. | ||
| + | |||
| + | It’s essentially the same as just running su in the shell, save for one crucial difference: instead of telling the system to “switch users” directly, you’re telling it to run the su command with superuser privileges. When sudo su is run, “.profile,” “.bashrc” and “/etc/profile” will be started, much like running su (or su root). If any command is run with sudo in front of it, it is given root privileges. | ||
| + | |||
| + | Though there isn’t a large divergence between sudo su and su, the former is still a very useful command for one important reason: when a user is running su to gain root access on a system, they must know the root password. Root is given with sudo su by requesting the current user’s password, which makes it possible to gain root without the root password. | ||
| + | |||
| + | This is useful in situations where you may have forgotten the root password if it’s different from the password for your user account. While you could do this in the meantime, you should still reset the root password at some point. | ||
| ==== sudo -i ==== | ==== sudo -i ==== | ||
| Line 52: | Line 78: | ||
| In our case, **sudo -s** gave us the fish interactive shell, as we previously installed fish as our default shell, so it would be as if we ran sudo /usr/bin/fish. | In our case, **sudo -s** gave us the fish interactive shell, as we previously installed fish as our default shell, so it would be as if we ran sudo /usr/bin/fish. | ||
| + | |||
| + | Sudo -s is a “non-login” style shell. Unlike a command like sudo -i or sudo su, the system will not read any environmental files. When a user tells the shell to run sudo -s, it gains root but will not change the user environment. Your home will not be the root home, etc. | ||
| + | |||
| + | This command is best used when the user wants to switch over to root but keep the same shell environment. | ||
| + | |||
| + | ===== Run command su/sudo with nologin ===== | ||
| + | |||
| + | As user with nologin shell can't be reached with "su - user", but you can use instead the command | ||
| + | runuser | ||
| + | |||
linux/sudo.1664272232.txt.gz · Last modified: 2022/09/27 11:50 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
