Birmingham mumbai

Download 15,21 Mb.

Pdf ko'rish

bet	99/482
Sana	13.01.2022
Hajmi	15,21 Mb.
	#355107

1 ... 95 96 97 98 99 100 101 102 ... 482

Bog'liq
Mastering Ubuntu Server Gain expertise in the art of deploying, configuring, managing, and troubleshooting Ubuntu Server by Jay LaCroix (z-lib.org)

[
67
]
So
visudo
allows you to make changes to who is able to access
sudo
. But how do you
actually make these changes? Go ahead and scroll through the
/etc/sudoers
file that
visudo
opens and you should see a line similar to the following:
%sudo ALL=(ALL:ALL) ALL
This is the line of
configuration that enables
sudo
access to anyone who is a member
of the
sudo
group. You can change the group name to any that you'd like, for
example, perhaps you'd like to create a group called
admins
instead. If you do change
this, make sure that you actually create that group and add yourself and your staff to
be members of it before you edit the
/etc/sudoers
file or log off; it would be rather
embarrassing if you found yourself locked out of administrator access to the server.
Of course, you don't have to enable access by group. You can actually call out a
username instead. With the
/etc/sudoers
file, groups are preceded by
%
, while users
are not. As an example of this, we also have the following line in the file:
root ALL=(ALL:ALL) ALL
Here, we're calling out a username (in this case,
root
), but the rest of the line is the
same as the one I pointed out before. While you can certainly copy this line and paste
it one or more times (substituting
root
for a different username) to grant access to
others, using the group approach is really the best way. It's easier to add and remove
users from a group (such as the
sudo
group) than it is to use
visudo
each time.
So, at this point, you're probably wondering what the options on
/etc/sudoers

configuration lines actually mean. So far, both examples used
ALL=(ALL:ALL) All
.
In order to fully understand
sudo
, understanding the other fields is extremely
important, so let's go through them (using the
root
line again as an example).
The first
ALL
means that
root
is able to use
sudo
from any terminal. The second
ALL

means that
root
can use
sudo
to impersonate any other user. The third
ALL
means
that
root
can impersonate any other group. Finally, the last
ALL
refers to what
commands this user is able to do; in this case, any command he or she wishes.
To help drive this home, I'll give some additional examples. Here's a hypothetical
example:
charlie ALL=(ALL:ALL) /sbin/reboot,/sbin/shutdown

Managing Users and Permissions

Download 15,21 Mb.

Do'stlaringiz bilan baham:

1 ... 95 96 97 98 99 100 101 102 ... 482