Useful Tips and Tricks
  • Blog
  • Other
  • windows
  • Linux
  • Powershell
  • Login

Take Control of your Linux | sudoers file: 

7/7/2015

0 Comments

 
The sudoers file located at: /etc/sudoers, contains the rules that users must follow when using the sudo command.

If you have ever used used Ubuntu, you know that the root account is disabled. This is because the root password is not set in Ubuntu, you can assign one and use it as with every other Linux distribution. That anyway is another story. On normal Ubuntu Linux computers you need to use sudo to act as root.

I like using sudo, I'm not using Ubuntu anymore. The first thing I do when I install a new Linux is to usevisudo to edit the sudoers file. And I always give my account root rights, then I can run commands as root without switching users.

The best way to understand the sudo command, and the rules in sudoers file, the funny way is by this comics.

Picture
As you can see from this funny picture, using sudo command, makes the system obey any given order.

The two best advantages about using sudo command are:

  • Restricted privileges
  • Logs of the actions taken by users
I'm sure you are now fully aware of the advantages of using sudo command in a daily basis, how to use it?

In order to use sudo you first need to configure the sudoers file. The sudoers file is located at/etc/sudoers. And you should not edit it directly, you need to use the visudo command.

Once you enter visudo command, you will see something like this:

# /etc/sudoers 
# 
# This file MUST be edited with the 'visudo' command as root. 
# 
# See the man page for details on how to write a sudoers file. 
# Defaults env_reset 
 # Host alias specification 
 # User alias specification 
 # Cmnd alias specification 
 # User privilege specification 
root ALL=(ALL) ALL

Almost all lines are commented out, the one that matters in this sudoers file example is:

root ALL=(ALL) ALL

This line means: The root user can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) command.

The first part is the user, the second is the terminal from where the user can use sudo command, the third part is which users he may act as, and the last one, is which commands he may run when using sudo.

sudoers examplesoperator ALL= /sbin/poweroff

The above command, makes the user operator can from any terminal, run the command power off.

You can also create aliases for: users -> User_Alias, run commands as other users -> Runas_Alias, host -> Host_Alias and command -> Cmnd_Alias

User_Alias OPERATORS = joe, mike, jude 
Runas_Alias OP = root, operator 
Host_Alias OFNET = 10.1.2.0/255.255.255.0 
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm

As you can see the alias OPERATORS includes the users joe, mike and jude, the alias OP includes the users root and operator, alias OFNET includes the network 10.1.2.0 (all the C class), and the command alias PRINTING includes the commands lpc and lprm.

So, a typical sudoers file may look like this:


Picture
If you want not to be asked for a password use this form:

go2linux ALL=(ALL) NOPASSWD: ALL

You may want to read sudoers man page

Considering that you are still reading here a bonus:

visudo command uses vi as the editor here some tips to use it:

  1. Switch to root, (su root), then run visudo, (as above).
  2. Find where it says "root ALL=(ALL) ALL".
  3. Type "o" to insert a new line below it.
  4. Now type what you want to insert, eg "username ALL=(ALL) ALL".
  5. Hit esc to exit insert-mode.
  6. Type ":x" to save and exit.
Can I change the default visudo editor?

Yes, changing the default visudo editor is easy.

And just because of your dedication, and still reading until here, I'll show you how to set nano or vim to use with visudo command as default editor.

Using vim with visudo

export VISUAL=vim; visudo

Using nano with visudo

export VISUAL=nano; visudo




source : http://bencane.com/


0 Comments

Understanding a little more about /etc/profile and /etc/bashrc

7/6/2015

0 Comments

 
Recently I was working on an issue where an application was not retaining the umask setting set in the root users profile or /etc/profile. After looking into the issue a bit it seemed that the application in question only applied the umask setting that was set in /etc/bashrc and would not even accept the values being the applications own start scripts.

After doing a bit of researched I learned a little bit more about what exactly these files do, the differences between them and when they are executed. I figured this would be a good thing to share as it is not a topic that comes up very often.

What is /etc/profile used for?If you have been using Linux for a while you are probably familiar with the .profile or.bash_profile files in your home directory. These files are used to set environmental items for a users shell. Items such as umask, and variables such as PS1 or PATH.

The /etc/profile file is not very different however it is used to set system wide environmental variables on users shells. The variables are sometimes the same ones that are in the .bash_profile, however this file is used to set an initial PATH or PS1 for all shell users of the system.

/etc/profile.dIn addition to the setting environmental items the /etc/profile will execute the scripts within/etc/profile.d/*.sh. If you plan on setting your own system wide environmental variables it is recommended to place your configuration in a shell script within /etc/profile.d.

What is /etc/bashrc used for?Like .bash_profile you will also commonly see a .bashrc file in your home directory. This file is meant for setting command aliases and functions used by bash shell users.

Just like the /etc/profile is the system wide version of .bash_profile. The /etc/bashrc for Red Hat and /etc/bash.bashrc in Ubuntu is the system wide version of .bashrc.

Interestingly enough in the Red Hat implementation the /etc/bashrc also executes the shell scripts within /etc/profile.d but only if the users shell is a Interactive Shell (aka Login Shell)

When are these files used?The difference between when these two files are executed are dependent on the type of login being performed. In Linux you can have two types of login shells, Interactive Shells and Non-Interactive Shells. An Interactive shell is used where a user can interact with the shell, i.e. your typical bash prompt. Whereas a non-Interactive shell is used when a user cannot interact with the shell, i.e. a bash scripts execution.

The difference is simple, the /etc/profile is executed only for interactive shells and the /etc/bashrcis executed for both interactive and non-interactive shells. In fact in Ubuntu the /etc/profile calls the /etc/bashrc directly.

Interactive Shell vs Non-Interactive ShellTo show an example of an interactive shell vs a non-interactive shell I will add a variable into both/etc/profile and /etc/bash.bashrc on my Ubuntu system.


/etc/profile# grep TEST /etc/profile export TESTPROFILE=1

/etc/bash.bashrc# grep TEST /etc/bash.bashrc export TESTBASHRC=1

Interactive ShellThe below example is showing an interactive shell, in this case both the /etc/profile and/etc/bash.bashrc was executed.

# su - # env | grep TEST TESTBASHRC=1 TESTPROFILE=1

Non-Interactive ShellIn this example we are running a command through SSH that is non-interactive; because this is a non-interactive shell only the /etc/bash.bashrc file is executed.

# ssh localhost "env | grep TEST" root@localhost's password: TESTBASHRC=1

ConclusionIn my case the applications child processes are not recognizing the umask value set in /etc/profilebut do recognize the value in /etc/bashrc. This tells me that the subprocess is starting as a non-interactive shell. While the suggested route of modifying environmental variables is to add a shell script into /etc/profile.d in my case it is better to set the umask value in the /etc/bashrc.

0 Comments
    Picture

    Author

    Anwar Ahamed sayed

    Try these tips and tricks which will be usefull at times.I have found out these on course when solving or find the solutions.

    Also I thank my friends who helped me along.

    Archives

    July 2015
    February 2013
    February 2009

    Categories

    All

    RSS Feed

@ Anwar Ahamed Sayed