Difference between pages "Package:Chrony" and "Package:Sudo"

(Difference between pages)
m (update console templates & insert ebuild info)
 
m (a bit better, needs individual commands saving what i've got so far)
 
Line 1: Line 1:
 
{{Ebuild
 
{{Ebuild
|Summary=Chrony is a pair of programs (chronyd and chronyc) which are used to maintain the accuracy of the system clock on a computer. chronyd has been specifically written to work well for systems which have only an intermittent (e.g. dial-up) connection to the network where the NTP servers are. It still works well in a "permanently connected" mode.
+
|Summary=Allows users or groups to run commands as other users
|CatPkg=net-misc/chrony
+
|CatPkg=app-admin/sudo
|Homepage=http://chrony.tuxfamily.org/
+
|Homepage=http://www.sudo.ws/
 
}}
 
}}
 +
{{PageNeedsUpdates}}
  
=== Accurate System Time (NTP) ===
+
sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.
  
It's important that your Funtoo Linux system has an accurate clock. NTP (network time protocol) can ensure your clock is accurate at all time.
+
=== Emerge ===
 +
{{console|body=###i## emerge sudo}}
  
The recommended NTP client/server is '''{{Package|net-misc/chrony}}'''.
+
==== Configuration ====
 +
===== /etc/sudoers.d/ =====
 +
Instead of editing {{f|/etc/sudoers}}, you may drop individual configuration files into the {{f|/etc/sudoers.d/}} directory
  
{{console|body=
+
===== Passwordless Sudoer =====
###i## emerge chrony
+
The sudo configuration file is located @ {{f|/etc/sudoers}}.  When editing this file be very careful to not introduce syntax errors.  Several other linux distributions use {{c|visudo}} to edit {{f|/etc/sudoers}}.
###i## rc-update add chronyd default
+
 
 +
{{Console|body=$##i## su -c 'nano /etc/sudoers'}}
 +
 
 +
{{file|name=/etc/sudoers|lang=|desc=uncomment wheel group no password sudo|body=
 +
%wheel ALL=(ALL) NOPASSWD: ALL
 
}}
 
}}
  
Use something like the following for your <code>/etc/chrony/chrony.conf</code>:
+
Add your user to the wheel group to enable sudo:
  
<pre>
+
{{Console|body=$##i## su -c 'gpasswd -a $USER wheel'}}
server time.apple.com
+
maxupdateskew 100
+
driftfile /etc/chrony/chrony.drift
+
keyfile /etc/chrony/chrony.keys
+
commandkey 1
+
dumponexit
+
dumpdir /var/log/chrony
+
initstepslew 10 time.apple.com
+
logdir /var/log/chrony
+
log measurements statistics tracking
+
logchange 0.5
+
mailonchange me@emailprovider.com 0.5
+
rtcfile /etc/chrony/chrony.rtc
+
rtconutc
+
sched_priority 1
+
lock_all
+
</pre>
+
  
Chronyd can then be started immediately by running <code>rc</code> to start all new services:
+
Either log out, and in again or restart:
  
{{console|body=
+
{{Console|body=$##i## su -c 'shutdown -r now'}}
###i## rc
+
 
}}
+
===== Disabling Root Access By Password =====
 +
To better secure a system, one may desire to disable root logins by password.
 +
 
 +
{{console|body= $##i## sudo passwd -ld root}}
 +
 
 +
to access root:
 +
 
 +
{{Console|body= $##i## sudo su}}
 +
 
 +
Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.
 +
 
 +
====Bash Completion====
  
Because Funtoo Linux starts network daemons without waiting for an Internet connection to become available, and because chrony will attempt to synchronize the clock over the Internet when it first starts, you must manually configure chronyd to be dependent on whatever method you use to enable your outbound network connectivity. For example, if using <code>dhcpcd</code>, add the following to <code>/etc/conf.d/chronyd</code>:
+
Users that want bash completion with sudo need to run this once.
  
<pre>
+
{{console|body=$##i## echo "complete -cf sudo" >> $HOME/.bashrc}}
rc_need=dhcpcd
+
</pre>
+
  
You should notice a marked improvement in your system clock's accuracy. If your system time was off by a significant amount, <code>chronyd</code> will gradually correct your clock while the system runs.
+
==== Passing Environment Variables ====
 +
To pass environment variables to the temporary root use the -E flag.
 +
{{console|body=$##i## sudo -E echo 'hello world'}}
  
[[Category:System]]
+
==== Passing Aliases ====
[[Category:Official Documentation]]
+
If your user has aliases you wish to use under sudo you must alias sudo with a space first:
 +
{{console|body=$##i## echo "alias sudo='sudo '" >> $HOME/.bashrc}}
  
 
{{EbuildFooter}}
 
{{EbuildFooter}}

Latest revision as of 05:38, January 25, 2015

app-admin/sudo


Source Repository:Repository:Gentoo Portage Tree

http://www.sudo.ws/

Summary: Allows users or groups to run commands as other users

Use Flags

sendmail
Allow sudo to send emails with sendmail.
offensive
Let sudo print insults when the user types the wrong password.

News

Drobbins

ARM Rebuild

ARM systems will use new stage3's that are not compatible with earlier versions.
2015-06-27 by Drobbins
Drobbins

ABI X86 64 and 32

Funtoo Linux has new 32-bit compatibility libraries inherited from Gentoo. Learn about them here.
2015-06-18 by Drobbins
Drobbins

Pre-built kernels!

Funtoo stage3's are now starting to offer pre-built kernels for ease of install. read more....
2015-05-12 by Drobbins
More...

Sudo

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.


sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.

Emerge

# emerge sudo


Configuration

/etc/sudoers.d/

Instead of editing /etc/sudoers, you may drop individual configuration files into the /etc/sudoers.d/ directory

Passwordless Sudoer

The sudo configuration file is located @ /etc/sudoers. When editing this file be very careful to not introduce syntax errors. Several other linux distributions use visudo to edit /etc/sudoers.

$ su -c 'nano /etc/sudoers'


/etc/sudoers - uncomment wheel group no password sudo
%wheel ALL=(ALL) NOPASSWD: ALL

Add your user to the wheel group to enable sudo:

$ su -c 'gpasswd -a $USER wheel'


Either log out, and in again or restart:

$ su -c 'shutdown -r now'


Disabling Root Access By Password

To better secure a system, one may desire to disable root logins by password.

$ sudo passwd -ld root


to access root:

$ sudo su


Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.

Bash Completion

Users that want bash completion with sudo need to run this once.

$ echo "complete -cf sudo" >> $HOME/.bashrc


Passing Environment Variables

To pass environment variables to the temporary root use the -E flag.

$ sudo -E echo 'hello world'


Passing Aliases

If your user has aliases you wish to use under sudo you must alias sudo with a space first:

$ echo "alias sudo='sudo '" >> $HOME/.bashrc