Difference between revisions of "Package:Sudo"

From Funtoo
Jump to navigation Jump to search
m (import 6's gentoo wiki commit)
m (a bit better, needs individual commands saving what i've got so far)
 
(5 intermediate revisions by 2 users not shown)
Line 4: Line 4:
|Homepage=http://www.sudo.ws/
|Homepage=http://www.sudo.ws/
}}
}}
sudo is essential to not entering passwords for root actions while in a locked down user environment.
{{PageNeedsUpdates}}
=== sudo ===
{{console| ###i## emerge sudo}}


==== configuration ====
sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.
the sudo configuration file is located @ /etc/sudoers


{{Console|$##i##su -c 'nano /etc/sudoers'}}
=== Emerge ===
{{console|body=###i## emerge sudo}}


remove the # in the line....
==== Configuration ====
===== /etc/sudoers.d/ =====
Instead of editing {{f|/etc/sudoers}}, you may drop individual configuration files into the {{f|/etc/sudoers.d/}} directory


===== Passwordless Sudoer =====
The sudo configuration file is located @ {{f|/etc/sudoers}}.  When editing this file be very careful to not introduce syntax errors.  Several other linux distributions use {{c|visudo}} to edit {{f|/etc/sudoers}}.
{{Console|body=$##i## su -c 'nano /etc/sudoers'}}
{{file|name=/etc/sudoers|lang=|desc=uncomment wheel group no password sudo|body=
%wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL
}}
Add your user to the wheel group to enable sudo:
{{Console|body=$##i## su -c 'gpasswd -a $USER wheel'}}
Either log out, and in again or restart:
{{Console|body=$##i## su -c 'shutdown -r now'}}
===== Disabling Root Access By Password =====
To better secure a system, one may desire to disable root logins by password.
{{console|body= $##i## sudo passwd -ld root}}
to access root:
{{Console|body= $##i## sudo su}}
Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.
====Bash Completion====


add your user to the wheel group to enable sudo
Users that want bash completion with sudo need to run this once.


{{Console|$##i## su -c 'gpasswd -a $USER wheel'}}
{{console|body=$##i## echo "complete -cf sudo" >> $HOME/.bashrc}}


either log out and in again or restart
==== Passing Environment Variables ====
To pass environment variables to the temporary root use the -E flag.
{{console|body=$##i## sudo -E echo 'hello world'}}


{{Console|$##i## su -c 'shutdown -r now'}}
==== Passing Aliases ====
If your user has aliases you wish to use under sudo you must alias sudo with a space first:
{{console|body=$##i## echo "alias sudo='sudo '" >> $HOME/.bashrc}}


{{EbuildFooter}}
{{EbuildFooter}}

Latest revision as of 05:38, January 25, 2015

Sudo

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.


sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.

Emerge

root # emerge sudo

Configuration

/etc/sudoers.d/

Instead of editing /etc/sudoers, you may drop individual configuration files into the /etc/sudoers.d/ directory

Passwordless Sudoer

The sudo configuration file is located @ /etc/sudoers. When editing this file be very careful to not introduce syntax errors. Several other linux distributions use visudo to edit /etc/sudoers.

user $ su -c 'nano /etc/sudoers'
   /etc/sudoers - uncomment wheel group no password sudo
%wheel ALL=(ALL) NOPASSWD: ALL

Add your user to the wheel group to enable sudo:

user $ su -c 'gpasswd -a $USER wheel'

Either log out, and in again or restart:

user $ su -c 'shutdown -r now'
Disabling Root Access By Password

To better secure a system, one may desire to disable root logins by password.

user $ sudo passwd -ld root

to access root:

user $ sudo su

Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.

Bash Completion

Users that want bash completion with sudo need to run this once.

user $ echo "complete -cf sudo" >> $HOME/.bashrc

Passing Environment Variables

To pass environment variables to the temporary root use the -E flag.

user $ sudo -E echo 'hello world'

Passing Aliases

If your user has aliases you wish to use under sudo you must alias sudo with a space first:

user $ echo "alias sudo='sudo '" >> $HOME/.bashrc