Difference between revisions of "Package:Sudo"

From Funtoo
Jump to navigation Jump to search
m (updated to user sudo lock root to ensure that the user's got sudo)
m (a bit better, needs individual commands saving what i've got so far)
 
Line 12: Line 12:


==== Configuration ====
==== Configuration ====
===== Passwordless =====
===== /etc/sudoers.d/ =====
The sudo configuration file is located @ {{f|/etc/sudoers}}.
Instead of editing {{f|/etc/sudoers}}, you may drop individual configuration files into the {{f|/etc/sudoers.d/}} directory
 
===== Passwordless Sudoer =====
The sudo configuration file is located @ {{f|/etc/sudoers}}.  When editing this file be very careful to not introduce syntax errors.  Several other linux distributions use {{c|visudo}} to edit {{f|/etc/sudoers}}.


{{Console|body=$##i## su -c 'nano /etc/sudoers'}}
{{Console|body=$##i## su -c 'nano /etc/sudoers'}}


Remove the # in the line....
{{file|name=/etc/sudoers|lang=|desc=uncomment wheel group no password sudo|body=
 
%wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL
}}


Add your user to the wheel group to enable sudo:
Add your user to the wheel group to enable sudo:
Line 45: Line 48:


{{console|body=$##i## echo "complete -cf sudo" >> $HOME/.bashrc}}
{{console|body=$##i## echo "complete -cf sudo" >> $HOME/.bashrc}}
==== Passing Environment Variables ====
To pass environment variables to the temporary root use the -E flag.
{{console|body=$##i## sudo -E echo 'hello world'}}
==== Passing Aliases ====
If your user has aliases you wish to use under sudo you must alias sudo with a space first:
{{console|body=$##i## echo "alias sudo='sudo '" >> $HOME/.bashrc}}


{{EbuildFooter}}
{{EbuildFooter}}

Latest revision as of 05:38, January 25, 2015

Sudo

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.


sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.

Emerge

root # emerge sudo

Configuration

/etc/sudoers.d/

Instead of editing /etc/sudoers, you may drop individual configuration files into the /etc/sudoers.d/ directory

Passwordless Sudoer

The sudo configuration file is located @ /etc/sudoers. When editing this file be very careful to not introduce syntax errors. Several other linux distributions use visudo to edit /etc/sudoers.

user $ su -c 'nano /etc/sudoers'
   /etc/sudoers - uncomment wheel group no password sudo
%wheel ALL=(ALL) NOPASSWD: ALL

Add your user to the wheel group to enable sudo:

user $ su -c 'gpasswd -a $USER wheel'

Either log out, and in again or restart:

user $ su -c 'shutdown -r now'
Disabling Root Access By Password

To better secure a system, one may desire to disable root logins by password.

user $ sudo passwd -ld root

to access root:

user $ sudo su

Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.

Bash Completion

Users that want bash completion with sudo need to run this once.

user $ echo "complete -cf sudo" >> $HOME/.bashrc

Passing Environment Variables

To pass environment variables to the temporary root use the -E flag.

user $ sudo -E echo 'hello world'

Passing Aliases

If your user has aliases you wish to use under sudo you must alias sudo with a space first:

user $ echo "alias sudo='sudo '" >> $HOME/.bashrc