Running Commands as the Superuser


Running commands by impersonating the root is possible in Linux distributions. You can simply use the su command and type in the root password to open a shell with highest available privileges. This method has some disadvantages because you are not able to record any system changes performed by users and you cannot track them in time.
There is another way in which you can allow users to run commands as root by using the sudo command. Any command executed with sudo is recorded by the syslog service and can be tracked later. Privileges must be configured previously before a user can access certain commands. These permissions are configured in the /etc/sudoers file. Here is the output of this file on a standard CentOS machine:
Linux root
Always use the visudo command to edit the sudoers files!
The file offers descriptive lines for each command and you can check out the manpage to find out further options regarding sudo command. I’ve created a test user named danp and granted access to all commands on the Centos01 server (danp    Centos01=(ALL)  ALL). The line below would allow this user to execute all commands on all machines.
%adm    ALL=(ALL)       ALL – allows users from the adm group to run any commands on any host
Linux tutorial

With visudo you can set custom hosts, users, groups, commands that can be executed and really control the way users interact with network servers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s