Saturday, March 03, 2007

SUDO

Generic syntax of /etc/sudoers
<users_to_allow> <host> = (run_as_user) <command_to_run>
<users_to_allow> <host> = (run_as_user) <file_to_grant>

No password for users in admin group

%admin ALL= (ALL) NOPASSWD: ALL

No password for joeuser user
joeuser ALL=(ALL) NOPASSWD: ALL

Allow joeuser to run only certain privileged commands as root
joeuser ALL= /bin/kill, /usr/local/bin/

Allow joeuser to run certain commands as given users
joeuser ALL=(janeuser,johnuser) /bin/kill, /usr/local/bin

Run sudo command as another user using
sudo -u janeuser /bin/kill

http://aplawrence.com/Basics/sudo.html