Home > Linux > Give access of a super user to a normal user—Sudo user

Give access of a super user to a normal user—Sudo user

Normally when you are installing RHEL in one system in post installation stage it asks you to create a normal user and if you are not creating it give a warning massage. Root user is the most powerful user in the system and it can do everything. So in real time environment it is advised that if you have installed Linux in server you shouldn’t give root access to any user even though he may be a giant in Linux. If you are giving root access to someone else that means you don’t have any control on the server. If tomorrow server crashes server reboots because of a wrong usage of command you will be helpless.

But saying that sometimes people may need root access to the server for some particular task like restarting apache service or for running some scripts etc. . . . Here as a system admin you have to provide them some specific access so that it won’t affect the whole server.

To achieve this purpose we use the concept of sudo user.

So what is a sudo user?

A sudo user is a root like user who can be permitted to execute specific commands or all commands executed by superuser.

You may think now if will give all permission to a sudo user then what will be the difference between the sudo user and root?

The only difference I can think of is whenever we are executing a command using sudo the system keeps a log for that command which is not in case of root.

Also one more thing is the system asks for password when we run a command as sudo.That means a user is getting time to verify its command which is helpful when we are running command like rm –rf *.

Mainly sudo concept is used only if there is some situation where a normal user wants to do some administrative operations but not all operations.

Now how can we make a normal user as sudouser?

To make a user sudo user login as root to the server and execute following command.

     #visudo

This command will open a read-only file /etc/sudoers where you can define the access for normal user.

There are two scenarios for a user to be a sudo user.

    1. Give all access as root user
    2. Give specific access to a user to run on specific mach

Give all access as root user:-

To do this in /etc/sudoers file search for a line

     root       ALL=(ALL)            ALL

This lines means that the user root can execute from ALL terminals, acting as ALL  users, and run ALL  command.

And append a line for the user let’s say bob

     bob     ALL=(ALL)     ALL

you can separate by comma for multiple users.

     bob , chalres   ALL=(ALL)    ALL

To give a user specific permission let’s say user bob can only restart apache server append the blow line to /etc/sudoers file.

     bob localhost=/etc/init.d/apache restart

To give user permission to do multiple operations we can append a line like following

     bob ALL= /bin/kill, /etc/init.d/httpd

As we told above for each command run under sudo user  gets looged into the system.To see that run a command as a sudo user and check the log file /var/log/secure.

As bob user execute

     #sudo /etc/init.d/httpd restart

Then check the log file by

     #tail –f /var/log/secure
     Output:- Aug 28 03:21:30 sudo:       bob : TTY=pts/3 ; PWD=/home/bob ; USER=root ; COMMAND=/etc/init.d/httpd restart

For advances users,

Concept of Sudo:-

Try to do this experiment

1) Login as root in tty1, Login as bob in tty2.
2) In tty2 execute a sample command ‘# vi abc’ . Go to tty1 and excute # ps -Alf
3) In tty2 execute a sample command ‘#  sudo vi abc’ . Go to tty1 and excute # ps -Alf

Now examine third field for the output of step 1 & 2

You will see when a user with is running something as sudo user practically it is running that command with root users gid.

Advertisements
  1. website design course
    April 17, 2013 at 1:35 pm

    Excellent article. I definitely love this website. Keep writing!

  2. website design tips
    May 3, 2013 at 4:44 am

    I am really grateful to the owner of this web page who
    has shared this fantastic article at here.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: