linux - What types of users can I use with "sudo"?
2014-07
I thought you could only use sudo to temporarily become root:
sudo vim /etc/resolv.conf
But recently I saw a shell snippet depicting a user using sudo to become a specific user:
sudo -H -u devops -s
Where devops was not the original username. After becoming devops, the user now had elevated privileges.
So are there ways of creating more than 1 root user? What is devops's relation to root in the example above? How do these elevated-but-not-quite-root users get created/managed?
Also, same question, but for su.
Thanks in advance!
Taken from the man page:
sudo is used to execute commands as another. Root or any other user that you have creds for. So, devops is just another user on the system.
DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
UPDATE:
Same for su. Any user, root or other user on system. Here is the man page:
su - run a shell with substitute user and group IDs
SYNOPSIS
su [OPTION]... [-] [USER [ARG]...]
DESCRIPTION
Change the effective user id and group id to that of USER.
sudo can be used to run a command as any user (with the -u option). In your example devops was another user on the system. "devops" probably had more privileges to read and write to certain directories. The same goes for su where you can specify a user as a parameter. Both su and sudo switch to the root user by default.
Any user can have sudo rights on a unix system. devops is simply one of those users on that system, but by default the only user account should be root and the others are added (though distros like Ubuntu have the user who is set up during install in that list too).
If you need various users (or groups) sudo privs, look into # visudo. You can specify what users can access what with root rights. (be careful with that, if you give 'guest' access to vim with root privs, they could adjust system files, for example).
I need to install a package. For that I need root access. However the system says that I am not in sudoers file. When trying to edit one, it complains alike! How am I supposed to add myself to the sudoers file if I don't have the right to edit one?
I have installed this system and am the only administrator. What can I do?
Edit: I have tried visudo already. It requires me to be in sudoers in the first place.
amarzaya@linux-debian-gnu:/$ sudo /usr/sbin/visudo
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for amarzaya:
amarzaya is not in the sudoers file. This incident will be reported.
amarzaya@linux-debian-gnu:/$
It would be something of a security hole if you could add yourself to /etc/sudoers without having sudo or root access. Basically then anyone could make themselves root.
Basically you need to ask the administrators of that machine to add you, or to install the package for you, as per the policies of the site.
You should also be sure to use visudo to edit the sudoers file - it checks that the syntax is correct before writing the file. And you can use editors other than vi with visudo. It will by default use whatever you have set as $EDITOR and if you don't have it set you could do
# EDITOR=nano visudo
to use the nano editor instead.
Login as root and use /usr/sbin/visudo to edit the file and add your username. Normal vi/vim will not be able to edit the file.
The easiest way is to just go down until you see the line "root ALL=(ALL) ALL" and add yourself under that with the same syntax (yourusername ALL=(ALL) ALL). Or, you can read the sudoers manpage if you want to give yourself more specific privileges.
Just typed the command:
$ su
And asked for the password "root". Typed and boom... It worked!
This problem was my mistake. Due to be back at the facility at the time I created the username and password.
If your sudoers file already contains this kind of line
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Then, the cleanest way of doing things is probably to grant the admin group to your user. For instance, to add user oracle to the admin group:
usermod -aG admin oracle
Perhaps the easiest way, once you're root, is:
echo 'amarzaya ALL=(ALL) ALL' >> /etc/sudoers
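An added example, not part of the thread or any poster's own code: appending to /etc/sudoers with echo skips the syntax check that the visudo answers above rely on, so this sketch stages a rule as a drop-in file and installs it only if visudo -cf accepts it. The rule in the usage comment also shows how a user is allowed to become devops without being allowed to become root. SUDOERS_DIR, VISUDO, the function name and the user alice are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): install a sudoers rule as a
# drop-in file, but only after visudo has accepted its syntax.
# Assumptions: SUDOERS_DIR and VISUDO are overridable so the function can be
# exercised outside /etc; the user names in the usage comment are hypothetical.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# install_sudoers_rule NAME RULE
# Returns 0 on success, 2 for a bad file name, 3 if visudo rejects the rule.
install_sudoers_rule() {
    name=$1
    rule=$2
    # sudo skips drop-in files whose names contain '.' or end in '~',
    # so restrict the name to characters that are always read.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid drop-in name: $name" >&2; return 2 ;;
    esac

    # Stage in the same directory so the final mv is an atomic rename.
    # The '.' in the staging name keeps sudo from reading the staged file.
    tmp=$(mktemp "$SUDOERS_DIR/.stage.XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # visudo -c: check only; -f: check this file instead of /etc/sudoers.
    if ! "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "visudo rejected rule, nothing installed" >&2
        return 3
    fi
    mv -f "$tmp" "$SUDOERS_DIR/$name"
}

# Usage, as root (hypothetical users):
#   install_sudoers_rule alice-devops 'alice ALL=(devops) ALL'
# alice can then run 'sudo -H -u devops -s', but 'sudo vim /etc/resolv.conf'
# (which targets root) is still refused.
```

This assumes the main sudoers file includes the drop-in directory, as the stock file on Debian and Ubuntu does.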
If you cannot use the sudo command, then you can use the following method:
- Press Ctrl+Alt+F1
- Log the user out if the user is not root
- Log in as root
- Use root privileges
- Log out (exit) – Ctrl+Alt+F7 to get to the GUI
Sign in using the following first:
$ su
Then go ahead with:
$ sudo apt-get update
or whatever as normal