Linux Help
Sudo discourages the use of su. In fact, sudo makes the perfect replacement
for su. What sudo does is give restricted access to commands as other
users. For instance, if you were a web administrator on a system and were
responsible for maintaining the web site, you may have to restart the web
server occasionally. Previously you may have had root access in order to do
this. With sudo, the real root user can allow you to restart the web server,
as root, without giving you the root password or general root access on the
system.
Many distributions come with the sudo package, but in case they don't, you
can obtain a copy of sudo from http://www.courtesan.com/sudo.
To configure sudo, use the visudo command. It is a wrapper around your
editor that does syntax checking on the main configuration file,
/etc/sudoers. By default, it uses the vi editor to edit the file, but you
can easily change this by changing the value of your shell's EDITOR
variable. For instance, if you prefer using emacs, you can use:
# export EDITOR=emacs
# visudo
By default, you should have something like this in your sudoers file:
root ALL=(ALL) ALL
This tells sudo to allow root to execute all commands, as root, on all
hosts. But of course, root can do all of this anyway. So let's get more
specific and assume that user "Joe" is a web master and must have access to
configure the network and start/stop the web server. We could do this by
putting in our file:
joe myhost.com = /sbin/ifconfig, /etc/rc.d/init.d/httpd
This allows the user Joe, on the machine myhost.com to execute
/sbin/ifconfig and /etc/rc.d/init.d/httpd as root. To make use of this, Joe
would execute the following to restart the web server:
# sudo /etc/rc.d/init.d/httpd restart
Joe will be asked for his password (not root's!), and if he enters his
password correctly, the command "/etc/rc.d/init.d/httpd restart" will be
executed as root.
You can also execute commands as users other than root. For instance, if you
wanted Joe to execute the command "somecommand" as the user "admin", you
could use:
joe myhost.com = (admin) /usr/bin/somecommand, (root) /sbin/ifconfig
This tells sudo that Joe can run /usr/bin/somecommand as the admin user, and
/sbin/ifconfig as root. Since, by default, sudo tries to execute commands
as root, Joe will have to use sudo a little differently to execute
somecommand:
# sudo -u admin /usr/bin/somecommand
This tells sudo to use the admin user to run somecommand. To determine what
commands you can run on a given host, you can use sudo with the "-l"
parameter:
# sudo -l
Password:
User joe may run the following commands on this host:
(admin) /usr/bin/somecommand
(root) /sbin/ifconfig
You can configure sudo to not ask for passwords. This is done by using the
NOPASSWD token like this:
joe myhost.com = NOPASSWD: /sbin/ifconfig, /etc/rc.d/init.d/httpd
This tells sudo to allow Joe to execute the commands /sbin/ifconfig and
/etc/rc.d/init.d/httpd without having to enter his password.
You can also define aliases. There are three types of aliases
you can use: User, Command, and Host. Let's look at each. To define a
user alias you would place in your sudoers file something like this:
User_Alias WEBMASTERS = joe, bob
This would place both Joe and Bob in the WEBMASTERS alias so you could
define:
WEBMASTERS ALL = /etc/rc.d/init.d/httpd
This tells sudo that users Joe and Bob can execute /etc/rc.d/init.d/httpd on
any host that uses this sudoers file.
A command alias may look like this:
Cmnd_Alias WEBTOOLS = /etc/rc.d/init.d/httpd, /sbin/ifconfig
Now you could change the previous WEBMASTERS definition to look like this:
WEBMASTERS ALL = WEBTOOLS
This tells sudo that all users in the alias WEBMASTERS (Joe and Bob) can
run the programs defined by the WEBTOOLS command alias on any host.
Finally, you could define a Host alias as well:
Host_Alias WEBSITES = srv1.myhost.com, srv2.myhost.com, www.myhost.com
Then you can make your access rules even more fine-grained by using:
WEBMASTERS WEBSITES = WEBTOOLS
This tells sudo to allow Joe and Bob access to the programs in the WEBTOOLS
alias on the machines in the WEBSITES alias, which are srv1.myhost.com,
srv2.myhost.com, and www.myhost.com.
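The rules above let Joe and Bob run /etc/rc.d/init.d/httpd and /sbin/ifconfig as root, which is only a restriction if they cannot modify those files. The following shell script is an added example, not part of the original article: it lists the command paths granted in a sudoers file and flags any that are missing or whose file or parent directory is group- or world-writable. The function names and the throwaway demo tree are assumptions made for illustration; ownership, line continuations and included files are not checked.

```shell
#!/bin/sh
# Added example: flag sudoers command paths that are missing or that
# someone other than the owner can modify.

# Print each absolute command path granted in sudoers file $1.
sudoers_commands() {
    sed -e 's/#.*//' -e '/=/!d' -e 's/^[^=]*=//' "$1" |  # text after '='
        tr ',' '\n' |                                      # one entry per line
        sed -e 's/([^)]*)//g' -e 's/[A-Z_]*://g' |         # drop (runas), TAG:
        awk '$1 ~ /^\// { print $1 }' | sort -u            # paths, no arguments
}

# Succeed if $1 or its parent directory is group- or world-writable.
loose_perms() {
    [ -n "$(find -L "$1" "$(dirname "$1")" -prune \
            \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Print one finding per risky command; return 1 if any were found.
audit_sudoers() {
    rc=0
    for cmd in $(sudoers_commands "$1"); do
        if [ ! -e "$cmd" ]; then
            echo "MISSING $cmd"; rc=1
        elif loose_perms "$cmd"; then
            echo "WRITABLE $cmd"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a throwaway tree standing in for init.d and /sbin.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/init.d" "$d/sbin"
    chmod 755 "$d" "$d/init.d" "$d/sbin"
    : > "$d/init.d/httpd";  chmod 775 "$d/init.d/httpd"   # group-writable
    : > "$d/sbin/ifconfig"; chmod 755 "$d/sbin/ifconfig"
    cat > "$d/sudoers" <<EOF
# constructed sample, same shape as the rules in the article
User_Alias WEBMASTERS = joe, bob
Cmnd_Alias WEBTOOLS = $d/init.d/httpd, $d/sbin/ifconfig
WEBMASTERS ALL = NOPASSWD: WEBTOOLS
root ALL=(ALL) ALL
EOF
    audit_sudoers "$d/sudoers" | sed "s|$d||"
    rm -rf "$d"
}
demo
```

On a real system, call audit_sudoers /etc/sudoers as root; a WRITABLE or MISSING line means the listed command can be replaced by someone other than its owner.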
More than you ever wanted to know about sudo configuration is available at http://www.courtesan.com/sudo/man/sudoers.html.
Enjoy!
Krnl

What in the hell is a KrnlPanic? Well, a KrnlPanic is me! Actually, let's start with "What is a kernel?". The
kernel is the core of your operating system (OS), whether your OS is Linux, Unix or Windows. The kernel takes
care of all process management (what program runs and when) and memory management (which parts of memory get
used for what), and it also takes care of interfacing the OS with your computer's hardware (disk drives, sound
card, modem, network card, etc). Now... since the kernel is doing all of these extremely important jobs, it
stands to reason that if it has an error, it will be a Bad Thing(tm).
If you use Windows, you know a kernel panic as a "BSOD" or Blue Screen of Death. Or how about "Invalid Page
Fault in KERNEL32.DLL". I'm sure you've probably seen both of those. In Linux, a kernel panic is normally plainly
stated as such. Boot time is when you will see most Linux panics. I have yet to see a Linux kernel panic while the
system is running. You may have seen "Kernel Panic: init not found" or "Kernel Panic: VFS unable to mount root fs
on 2:00". All of the errors listed above are caused by something that happened to the kernel that it couldn't
handle, whether it was an access to an invalid memory location or the inability to find the initialization files
it requires.
I hope that sufficiently explains things. Oh yeah... KrnlPanic is also my name ;-)
- Rick