
Tuesday, November 18, 2014

Sudo

Sometimes a non-root user needs to execute a command in Linux. Some commands, such as yum, are not allowed to be executed by a non-root user, so whenever a non-root user tries to execute such a command, a permission exception is thrown.

There is a way in Linux that allows a non-root user to execute a command if he knows the root password: he can use the sudo command.

[oracle@localhost x86_64]$ sudo yum install hello-1-1.el6.x86_64.rpm

There is also another way to allow non-root users to execute commands, by making some changes in the sudo file. In this article we will see how we can use the sudo file to give command execution permissions to some users.

Sudo stands for either "substitute user do" or "super user do". sudo allows a user to run a program as another user (most often the root user). In other cases we use the “su” command to change from one user to another user, with a password, even to the root account. In most cases it is a bad idea to log into the root account, but it is good to be able to get administrative privileges. Sudo provides the same thing: administrative privileges for a user.

Let's see a basic example of how to use the sudo command.

Consider installing an rpm as a non-root user such as oracle. When we try to execute the command we see the message below:

[oracle@localhost x86_64]$ yum install hello-1-1.el6.x86_64.rpm
Plugin "product-id" can't be imported
Plugin "subscription-manager" can't be imported
Loaded plugins: refresh-packagekit
You need to be root to perform this command.

We can then use the sudo command, which will ask for a root password.

[oracle@localhost x86_64]$ sudo yum install hello-1-1.el6.x86_64.rpm
[sudo] password for oracle:

In both of the above cases we are not able to install the rpm. Now we will give administrative privileges to the oracle user with the help of the sudo file. The sudo file is /etc/sudoers. We can only change the file using the root account. Sudo is VERY particular about syntax in the configuration file, so we need to be careful and double-check our configuration before we save the file.

To make changes to the sudo configuration file you need to use a specific command - visudo. Let's take a look at how to add a user to the sudoers file.

The basic entry for a user looks like this:
user hostlist = (userlist) commandlist

Typically you will find an entry like this:
root  ALL=(ALL) ALL

The above line indicates that the root user on any host can run all commands. In our case we need to give the user oracle the privilege to run the yum command. For that, add the following line under the line above:

oracle ALL=NOPASSWD:/usr/bin/yum

Once we add the line, save the file. Now log in as the oracle user and run the yum command:

[oracle@localhost x86_64]$ sudo yum install hello-1-1.el6.x86_64.rpm
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Examining hello-1-1.el6.x86_64.rpm: hello-1-1.el6.x86_64
hello-1-1.el6.x86_64.rpm: does not update installed package.
Error: Nothing to do

The yum command installed the hello package. We have given the oracle user administrative privileges for running the yum command. Similarly, there are many other options in the sudo file that allow us to provide administrative privileges by group, by IP address and in many other ways.

This article has been an introduction to the sudo command. I will provide clearer details on using the other options in the sudoers file.
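
The entry format shown above, "user hostlist = (userlist) commandlist", can be reviewed mechanically before a line goes into /etc/sudoers. The script below is an added example, not part of the original article: parse_spec and review_spec are hypothetical helper names, the sample lines are constructed from the entries shown above, and only simple one-line entries are handled.

```shell
#!/bin/sh
# Added example: audit one-line sudoers entries of the form
#   user hostlist = (userlist) commandlist
# Aliases, Defaults lines, continuations and per-command tags are out of scope.
# parse_spec LINE -> "user|hosts|runas|tags|commands"; status 1 if not an entry.
parse_spec() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*(#|$)/ || /^[ \t]*Defaults/ || index($0, "=") == 0 { exit 1 }
    {
        eq = index($0, "=")
        n = split(substr($0, 1, eq - 1), f, " ")
        hosts = ""; for (i = 2; i <= n; i++) hosts = hosts f[i]
        rhs = substr($0, eq + 1); sub(/^[ \t]+/, "", rhs)
        runas = "root"              # no (userlist): sudo runs the command as root
        if (substr(rhs, 1, 1) == "(") {
            close_at = index(rhs, ")")
            runas = substr(rhs, 2, close_at - 2)
            rhs = substr(rhs, close_at + 1); sub(/^[ \t]+/, "", rhs)
        }
        tags = ""
        while (match(rhs, /^[A-Z_]+:/)) {   # leading tags such as NOPASSWD:
            tags = tags (tags == "" ? "" : ",") substr(rhs, 1, RLENGTH - 1)
            rhs = substr(rhs, RLENGTH + 1); sub(/^[ \t]+/, "", rhs)
        }
        print f[1] "|" hosts "|" runas "|" (tags == "" ? "none" : tags) "|" rhs
    }'
}

# review_spec LINE -> findings worth a second look, or "ok".
review_spec() {
    spec=$(parse_spec "$1") || return 1
    printf '%s\n' "$spec" | awk -F"|" '{
        out = ""
        if (("," $4 ",") ~ /,NOPASSWD,/) out = out " nopasswd"  # no password prompt
        n = split($5, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            if (c[i] == "ALL") all = 1            # every command is allowed
            else if (c[i] !~ /[ \t]/) bare = 1    # bare path: any arguments accepted
        }
        if (all) out = out " all-commands"
        if (bare) out = out " any-args"
        print (out == "" ? "ok" : substr(out, 2))
    }'
}

# Constructed sample input: the article's two entries plus an argument-pinned one.
printf '%s\n' 'root  ALL=(ALL) ALL' 'oracle ALL=NOPASSWD:/usr/bin/yum' \
    'oracle ALL=(root) /usr/bin/yum install hello-1-1.el6.x86_64.rpm' |
while IFS= read -r l; do printf '%s -> %s\n' "$l" "$(review_spec "$l")"; done
```

This reviews what an entry grants, not whether the file parses; syntax checking remains visudo's job, and visudo -c checks the file without opening it for editing.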
