Posted by: isaraffee | February 7, 2010

Exploring Alias in Sudo File

Create user accounts as shown below:

# useradd saandrew -c "System Administrator" -d /home/saandrew

# useradd saellen -c "System Administrator" -d /home/saellen

If necessary, create the home directory for each user account.

Set up the aliases in the /etc/sudoers file.

Remember to use visudo when editing the file.

# less /etc/sudoers | grep -v "^#"

Defaults env_reset

User_Alias DELTA_FORCESA = saandrew,saellen

Cmnd_Alias SA_COMMANDS = /usr/sbin/apache2ctl,\

/usr/sbin/a2enmod

root ALL=(ALL) ALL

elvin ALL=(ALL) /usr/sbin/apache2ctl

%admin ALL=(ALL) ALL

DELTA_FORCESA ALL = (root) SA_COMMANDS

Assign passwords to the accounts

root@ismail-laptop:~# passwd saandrew

Enter new UNIX password:

Retype new UNIX password:

passwd: password updated successfully

root@ismail-laptop:~# passwd saellen

Enter new UNIX password:

Retype new UNIX password:

Test the User accounts

Switch to the user account and test if the sudo configuration file works as it should.

root@ismail-laptop:~# su - saandrew

$ pwd

/home/saandrew

$ fdisk -l

-su: fdisk: not found

$ apache2ctl

-su: apache2ctl: not found

$ sudo fdisk -l

[sudo] password for saandrew:

Sorry, user saandrew is not allowed to execute ‘/sbin/fdisk -l’ as root on ismail-laptop.

Now test the other account:

root@ismail-laptop:/home# su - saellen

$ pwd

/home/saellen

$ sudo fdisk -l

[sudo] password for saellen:

Sorry, user saellen is not allowed to execute ‘/sbin/fdisk -l’ as root on ismail-laptop.

Now run the apache2ctl command

root@ismail-laptop:/home# su - saellen

$ sudo apache2ctl

Usage: /usr/sbin/apache2ctl start|stop|restart|graceful|graceful-stop|configtest|status|fullstatus

/usr/sbin/apache2ctl <apache2 args>

Yes, the results show that the user alias and the command alias are working correctly.

If you are interested in the log files, take a look here

Feb 7 03:10:54 ismail-laptop sudo: saandrew : TTY=pts/0 ; PWD=/home/saandrew ; USER=root ; COMMAND=/usr/sbin/apache2ctl

The line above shows that user saandrew is using sudo to run the apache2ctl command.
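To review such entries in bulk, the script below (an added example, not part of the original post) parses sudo log lines from standard input, marks each event as allowed or refused, and counts refusals per user. The function names are hypothetical and the sample lines are constructed, apart from the apache2ctl entry shown above; the "command not allowed" wording is what sudo logs when a rule such as the alias above refuses a command.

```shell
#!/bin/sh
# Added example: summarise sudo events from syslog-style lines on stdin.
# Output columns (tab separated): user, ALLOWED|DENIED, reason, command

sudo_events() {
    awk '
    # Accept "sudo:" or "sudo[pid]:" as the logging program.
    match($0, / sudo(\[[0-9]+\])?: +/) {
        msg = substr($0, RSTART + RLENGTH)
        sep = index(msg, " : ")            # user name ends at the first " : "
        if (sep == 0) next                 # e.g. PAM session lines
        user = substr(msg, 1, sep - 1)
        rest = substr(msg, sep + 3)
        c = index(rest, "COMMAND=")
        if (c == 0) next
        cmd = substr(rest, c + 8)          # full command line, arguments included
        # A successful run starts with TTY=...; a refusal puts a reason first.
        if (rest ~ /^TTY=/) { status = "ALLOWED"; reason = "-" }
        else { status = "DENIED"; reason = substr(rest, 1, index(rest, " ; ") - 1) }
        printf "%s\t%s\t%s\t%s\n", user, status, reason, cmd
    }'
}

# Count refused sudo attempts per user, sorted by user name.
denied_by_user() {
    sudo_events |
        awk -F '\t' '$2 == "DENIED" { n[$1]++ } END { for (u in n) print u, n[u] }' |
        sort
}

# Constructed sample input (the second line is the entry quoted in the post).
sample_log() {
cat <<'EOF'
Feb 7 03:09:12 ismail-laptop sudo: saandrew : command not allowed ; TTY=pts/0 ; PWD=/home/saandrew ; USER=root ; COMMAND=/sbin/fdisk -l
Feb 7 03:10:54 ismail-laptop sudo: saandrew : TTY=pts/0 ; PWD=/home/saandrew ; USER=root ; COMMAND=/usr/sbin/apache2ctl
Feb 7 03:12:30 ismail-laptop sudo: saellen : command not allowed ; TTY=pts/1 ; PWD=/home/saellen ; USER=root ; COMMAND=/sbin/fdisk -l
EOF
}

sample_log | sudo_events
sample_log | denied_by_user
```

On a real system, feed the functions the file that receives sudo messages, which depends on the syslog configuration.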
