Providing Limited Root Privilege To A User Using The /etc/sudoers File

The sudo command is used to give limited root privilege to a particular user.
It provides root privilege to a non-root user.
The important file is /etc/sudoers.
[root@mailservice ~]# vi /etc/sudoers
Otherwise we can open the file using the visudo command.
[root@mailservice ~]# visudo
In the last line of this file we add the service command that the user needs to be able to run.
Syntax
[Username] [System name]=[path of the service] status
Now I add the httpd restart command for the user rhel5.
rhel5 mailservice=/etc/init.d/httpd restart
User Name    : rhel5
System Name  : mailservice
Service Name : /etc/init.d/httpd
Status       : restart

Verification: Log In As The rhel5 User And Restart The Service Without sudo
[rhel5@mailservice root]$ /etc/init.d/httpd restart
rm: cannot remove `/var/run/httpd.pid': Permission denied [FAILED]
Starting httpd:
touch: cannot touch `/var/lock/subsys/httpd': Permission denied
Run The Httpd Service Using The Sudo Command
[rhel5@mailservice root]$ sudo /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
How To Find The Path Of The Command Needed To Run A Service With sudo Privilege
[rhel5@mailservice root]$ service httpd restart
rm: cannot remove `/var/run/httpd.pid': Permission denied [FAILED]
Starting httpd: touch: cannot touch `/var/lock/subsys/httpd': Permission denied

Run The Service Using The Sudo Command
[rhel5@mailservice root]$ sudo service httpd restart
Sorry, user rhel5 is not allowed to execute '/sbin/service httpd restart' as root on mailservice.localdomain.
The error message shows the full path of the command that we need to add to the sudo privilege for that user.

Then, in the /etc/sudoers file, add that path and command:
rhel5 mailservice=/sbin/service httpd restart
Then try it again.

To restart the sshd service (Secure Shell daemon, remote login)
/sbin/service sshd restart

Add A User
/usr/sbin/adduser
For The Mount Command
/sbin/mount
/sbin/umount
Shut Down The System
/sbin/shutdown
Allows all the users of the 'sys' group to run networking, software,
service management apps and more. Add the following line:
%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
Allows people in group wheel to run all commands. Add the following line:
%wheel ALL=(ALL) ALL
Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Allows members of the users group to mount and unmount the cdrom as root
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
Allows members of the users group to shut down this system
%users localhost=/sbin/shutdown -h now
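
The rule lines above differ a lot in how much they grant. As an added example (not part of the original post), this Python script parses one-line rules of the forms shown on this page and reports the ones that are broader than a single fixed command. The function names and the sample text are constructed for illustration, and it assumes simple one-line rules only.

```python
import re

# Constructed sample: one-line rules in the forms this page uses (assumption: no aliases/includes).
SAMPLE = """\
rhel5 mailservice=/etc/init.d/httpd restart
rhel5 mailservice=/sbin/service httpd restart
rhel5 mailservice=/usr/sbin/adduser
%wheel ALL=(ALL) NOPASSWD: ALL
%users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
%sys ALL = NETWORKING, SOFTWARE
"""

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")

def parse_rule(line):
    """Split 'who host=[(runas)] [NOPASSWD:] cmd, cmd' into its parts."""
    m = RULE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    runas = re.match(r"\(([^)]*)\)\s*", rest)
    if runas:
        rest = rest[runas.end():]
    nopasswd = rest.startswith("NOPASSWD:")
    if nopasswd:
        rest = rest[len("NOPASSWD:"):]
    cmds = [c.strip() for c in rest.split(",") if c.strip()]
    return {"who": m["who"], "host": m["host"], "nopasswd": nopasswd, "cmds": cmds}

def audit(text):
    """Return (line, finding) pairs for rules broader than one fixed command."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rule = parse_rule(line)
        if rule is None:
            findings.append((line, "not a simple user rule"))
            continue
        if rule["nopasswd"]:
            findings.append((line, "NOPASSWD: no password prompt"))
        for cmd in rule["cmds"]:
            if cmd == "ALL":
                findings.append((line, "ALL: every command allowed"))
            elif not cmd.startswith("/"):
                findings.append((line, f"{cmd}: alias, needs a Cmnd_Alias definition"))
            elif " " not in cmd:
                findings.append((line, f"{cmd}: no arguments pinned, any arguments allowed"))
    return findings
```

A path with no arguments after it, such as /usr/sbin/adduser, lets the user pass any arguments, so pin the arguments as the httpd rules do when only one action is intended.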
