Latest revision as of 05:38, January 25, 2015

Sudo

Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.

Emerge

root # emerge sudo

Configuration

/etc/sudoers.d/

Instead of editing /etc/sudoers, you may drop individual configuration files into the /etc/sudoers.d/ directory

Passwordless Sudoer

The sudo configuration file is located @ /etc/sudoers. When editing this file be very careful to not introduce syntax errors. Several other linux distributions use visudo to edit /etc/sudoers.

user $ su -c 'nano /etc/sudoers'

/etc/sudoers - uncomment wheel group no password sudo

%wheel ALL=(ALL) NOPASSWD: ALL

Add your user to the wheel group to enable sudo:

user $ su -c 'gpasswd -a $USER wheel'

Either log out, and in again or restart:

user $ su -c 'shutdown -r now'

Disabling Root Access By Password

To better secure a system, one may desire to disable root logins by password.

user $ sudo passwd -ld root

to access root:

user $ sudo su

Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.

Bash Completion

Users that want bash completion with sudo need to run this once.

user $ echo "complete -cf sudo" >> $HOME/.bashrc

Passing Environment Variables

To pass environment variables to the temporary root use the -E flag.

user $ sudo -E echo 'hello world'

Passing Aliases

If your user has aliases you wish to use under sudo you must alias sudo with a space first:

user $ echo "alias sudo='sudo '" >> $HOME/.bashrc

@@ Line 1: / Line 1: @@
 {{Ebuild
-|Summary=Chrony is a pair of programs (chronyd and chronyc) which are used to maintain the accuracy of the system clock on a computer. chronyd has been specifically written to work well for systems which have only an intermittent (e.g. dial-up) connection to the network where the NTP servers are. It still works well in a "permanently connected" mode.
+|Summary=Allows users or groups to run commands as other users
-|CatPkg=net-misc/chrony
+|CatPkg=app-admin/sudo
-|Homepage=http://chrony.tuxfamily.org/
+|Homepage=http://www.sudo.ws/
 }}
+{{PageNeedsUpdates}}
-=== Accurate System Time (NTP) ===
+sudo allows privilege escalation for non root users to perform restricted actions while in a locked down user environment.
-It's important that your Funtoo Linux system has an accurate clock. NTP (network time protocol) can ensure your clock is accurate at all time.
+=== Emerge ===
+{{console|body=###i## emerge sudo}}
-The recommended NTP client/server is '''{{Package|net-misc/chrony}}'''.
+==== Configuration ====
+===== /etc/sudoers.d/ =====
+Instead of editing {{f|/etc/sudoers}}, you may drop individual configuration files into the {{f|/etc/sudoers.d/}} directory
-{{console|body=
+===== Passwordless Sudoer =====
-###i## emerge chrony
+The sudo configuration file is located @ {{f|/etc/sudoers}}.  When editing this file be very careful to not introduce syntax errors.  Several other linux distributions use {{c|visudo}} to edit {{f|/etc/sudoers}}.
-###i## rc-update add chronyd default
+{{Console|body=$##i## su -c 'nano /etc/sudoers'}}
+{{file|name=/etc/sudoers|lang=|desc=uncomment wheel group no password sudo|body=
+%wheel ALL=(ALL) NOPASSWD: ALL
 }}
-Use something like the following for your <code>/etc/chrony/chrony.conf</code>:
+Add your user to the wheel group to enable sudo:
-<pre>
+{{Console|body=$##i## su -c 'gpasswd -a $USER wheel'}}
-server time.apple.com
-maxupdateskew 100
-driftfile /etc/chrony/chrony.drift
-keyfile /etc/chrony/chrony.keys
-commandkey 1
-dumponexit
-dumpdir /var/log/chrony
-initstepslew 10 time.apple.com
-logdir /var/log/chrony
-log measurements statistics tracking
-logchange 0.5
-mailonchange me@emailprovider.com 0.5
-rtcfile /etc/chrony/chrony.rtc
-rtconutc
-sched_priority 1
-lock_all
-</pre>
-Chronyd can then be started immediately by running <code>rc</code> to start all new services:
+Either log out, and in again or restart:
-{{console|body=
+{{Console|body=$##i## su -c 'shutdown -r now'}}
-###i## rc
-}}
+===== Disabling Root Access By Password =====
+To better secure a system, one may desire to disable root logins by password.
+{{console|body= $##i## sudo passwd -ld root}}
+to access root:
+{{Console|body= $##i## sudo su}}
+Root can also be accessed by logging in via ssh keys, or as a restricted user then sudo su as above.
+====Bash Completion====
-Because Funtoo Linux starts network daemons without waiting for an Internet connection to become available, and because chrony will attempt to synchronize the clock over the Internet when it first starts, you must manually configure chronyd to be dependent on whatever method you use to enable your outbound network connectivity. For example, if using <code>dhcpcd</code>, add the following to <code>/etc/conf.d/chronyd</code>:
+Users that want bash completion with sudo need to run this once.
-<pre>
+{{console|body=$##i## echo "complete -cf sudo" >> $HOME/.bashrc}}
-rc_need=dhcpcd
-</pre>
-You should notice a marked improvement in your system clock's accuracy. If your system time was off by a significant amount, <code>chronyd</code> will gradually correct your clock while the system runs.
+==== Passing Environment Variables ====
+To pass environment variables to the temporary root use the -E flag.
+{{console|body=$##i## sudo -E echo 'hello world'}}
-[[Category:System]]
+==== Passing Aliases ====
-[[Category:Official Documentation]]
+If your user has aliases you wish to use under sudo you must alias sudo with a space first:
+{{console|body=$##i## echo "alias sudo='sudo '" >> $HOME/.bashrc}}
 {{EbuildFooter}}

Difference between pages "Package:Chrony" and "Package:Sudo"