ENHANCED USER SECURITY WITH SUDO in Linux

ENHANCED USER SECURITY WITH SUDO:
• Do not edit the /etc/sudoers directly; instead use "visudo" command to edit the sudoers file. There
are two reasons for that- it prevents two users from editing the file at the same time, and it also
provides limited syntax checking. Even if you are the only root user, you need the syntax checking,
so use "visudo".

Advantages of using SUDO:
Two of the best advantages about using sudo are:

• Limited user privileges

As we have studied above that we can restrict users to use certain commands as a
privileged user as per the role of the user.

E.g.: Networking commands for Network user and Admin commands for Admin users etc

• Logs of the actions done by users

The /etc/sudoers file
• As we learnt above that it is the configuration file for sudo users, which is used to assign
specific commands to the specific users or groups.

• Always use visudo command to edit this file. it prevents two users from editing the file at
the same time, and it also provides limited syntax checking .

As you can see there is basically one line
• root ALL=(ALL) ALL

• This lines means that the user root can execute from ALL terminals, acting as ALL (any)
users, and run ALL (any) command.

• So the first part is the user, the second is the terminal from where the user can use
sudo, the third is as which user he may act, and the last one, is which commands he may run.

#visudo

LAB WORK:
Allow a user “ktuser” all privileges like root

• To assign root privileges to user add a line by using sudoers file as shown below.
#visudo (save the sudoers file as we save a vim file using “wq!”)

root ALL=(ALL) ALL
ktuser ALL=(ALL) ALL

• Now logged in as ktuser and run admin commands like fdisk –l etc
• First try to run fdisk command normally and see what happens.

#su - ktuser
#fdisk -l
#fdisk /dev/sda

It will not allow a normal user to run privileged user’s command

Now run the same command using sudo before command
#sudo fdisk –l (or) #sudo fdisk /dev/sda

#sudo fdisk -l

Note:- Only for the first time of the session it will prompt for user’s password to continue, but
for rest of the process it will continue normally as shown below

#sudo fdisk /dev/sda

Allow a group called ktgroup, all root previleges:

• Let’s first check the members of ktgroup and then apply root previleges.
#tail /etc/gshadow

Okay as we know the users in ktgroup, let’s assign it root previleges.
#visudo and look for the below line.

Now, login as one of the user of ktgroup try root command

#su -musab
#sudo parted -l

Allow a user “ktuser2” to run all commands without prompting for his password any time.
• To allow run all commands, the syntax we have already seen, but allow him run command’s
without prompting password a small change is to be made,

Now login as that user and check whether password is prompted or not

#su - ktuser2
#sudo - parted -l

Note:- The same can be done for groups also, try it!

Restrict a user “ktuser” to run only two root commands.
• This task is very simple, just modify the previous permissions assign to ktuser.
• Let’s give ktuser to run only #fdisk and #parted command access.
• First check the complete path of those command by using following command

#which fdisk
#which parted

Lets assign both above paths in sudoers file
#visudo

Login as ktuser and try assigned commands and other commands as well

#su -ktuser
#sudo fdisk -l
#sudo parted -l

Note:- Try the same for groups also. It is exactly same

Allow a group “ ktgroup” to run only network related commands as sudo user
• To allow a group run only network commands, first uncomment the following line

#networking

Just replace “ALL” with “NETWORKIG” from the last field of ktgroup line

#which service
#which rpm
#which yum

Enhanced User Security with SUDO,Linux SUDO Tutorial,sudo,sudo in linux,linux sudo command,linux sudo,Linux SUDO Tutorial,SUDO Command Security,User Privileges Linux,Linux Security Best Practices,Manage SUDO Access,Linux Root Access Control,SUDO Configuration Linux,Protect Linux System,User Authentication Linux,sudo linux command,touch command,linux, sudo, linux tutorial, linux sudo, linux su, su in linux, sudo in linux, what is sudo, create sudo user, how to create sudo user for red hat linux, sudo command, linux visudo, sudo su, sudo linux command, configure sudo, create a sudo user in redhat, create a sudo usrer, wheel group in linux, sudo configuration in linux, sudo setup in linux, linux sudo command, su, linux su and sudo command Telugu,linux, sudo, linux tutorial, linux sudo, linux su, su in linux, sudo in linux, what is sudo, create sudo user, how to create sudo user for red hat linux, sudo command, linux visudo, sudo su, sudo linux command, configure sudo, create a sudo user in redhat, create a sudo usrer, wheel group in linux, sudo configuration in linux, sudo setup in linux, linux sudo command, su, linux su and sudo command telugu,How Linux Gives You Better Security with SUDO