sudo is not working properly

getrue · July 19, 2011, 11:24am

This is the first time for using sudo for me.

# visudo
## Allows people in group admin to run all commands 
%admin  ALL=(ALL)       ALL
# groupadd admin
# useradd temp
# usermod -a -G admin temp
# id temp
uid=506(temp) gid=506(temp) groups=506(temp),507(admin)
#

#sudo /etc/init.d/vsftpd restart       //  It's working
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

#service vsftpd restart                      //It is not working

#vi /etc/hosts     // I can't edit

It is possible to edit all of the OS with sudo like root.
e.g I want to edit etc/hosts file and I want to run service commands like "service httpd status"

Below parameter is enough or not for full permission.

#visudo or #vi /etc/sudoers

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
temp  ALL=(ALL)       ALL

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
%admin          ALL=(ALL)       ALL

THANKS

pludi · July 19, 2011, 11:32am

sudo requires you to prefix every command you want to execute as root. Just because it's been called once doesn't mean the rest of the terminal session has elevated privileges too.

getrue · July 20, 2011, 3:08am

I want to give permission to sudo user for editing network files such as /etc/hosts, /etc/sysconfig/network-scripts/ifcfg-eth0, /etc/sysconfig/network, /etc/init.d/network restart.

I have edited sudoers files for temp user like below but it didn't work. I can't edit hosts file, it is only read-only files.

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
%temp ALL=/etc/hosts        // vi /etc/hosts is giving error.

I am wondering how can I give full permission to temp user for above files.

pludi · July 20, 2011, 3:51am

First, prefixing anything with '%' tells sudo to interpret that as a group, not a single user.
Second, as I said before: sudo doesn't automagically elevate your privileges. You have to invoke it explicitly in every instance you want to use it, regardless of what command you want to run or which file you want to edit. Unlike UAC it won't jump into your face every time you want to do something you don't have permissions for, but you'll have to tell it "Now I want to do something I'm not usually allowed to do".

For example: vi /etc/hosts throws an error, as you said, but sudo -e /etc/hosts or sudo vi /etc/hosts will let you do that, since you're explicitly invoking sudo to allow access.

venikathir · July 25, 2011, 7:53am

temp is a group ?
ok
u have a user called sysadmin
u want to give the restricted sudo access u can use like the below
add the below line in sudo file

sysadmin ALL= /bin/vi /etc/hosts,/bin/vi /etc/sysconfig/network-scripts/ifcfg-eth, /bin/vi  /etc/sysconfig/network, /sbin/service network restart

save the file and login to sysadmin user
check first

sudo -l

it will show the what are the sudo rights for this user
use

sudo /bin/vi /etc/hosts

save
u will be able to do
use sudo prefix for all this lines

hope this work fine for u ....
have fun

getrue · July 27, 2011, 10:08am

THANKS dud, its done.