Difference between revisions of "Understanding sudo configuration syntax"
From Notes_Wiki
(Created page with "=Sudo configuration syntax= Lines in sudo configuration uses following format: <pre> <username> or <group> <machine> = [(<user>)] [NOPASSWD] :<command1> [, <command2> ...] </...") |
m |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Sudo configuration]] > [[Understanding sudo configuration syntax|Sudo configuration syntax]] | |||
Lines in sudo configuration | Lines in sudo configuration use following format: | ||
<pre> | <pre> | ||
<username> or <group> <machine> = [(<user>)] [NOPASSWD] :<command1> [, <command2> ...] | <username> or %<group> <machine> = [(<user>)] [NOPASSWD] :<command1> [, <command2> ...] | ||
</pre> | </pre> | ||
Note that group is indicated using %sign. | |||
For example: | For example: | ||
| Line 11: | Line 13: | ||
</pre> | </pre> | ||
will allow user '<tt>saurabh</tt>' to run '<tt>/usr/sbin/wireshark</tt>' and '<tt>/usr/sbin/tcpdump</tt>' commands on machine '<tt>barjatiya</tt>' without supplying password as root user. | will allow user '<tt>saurabh</tt>' to run '<tt>/usr/sbin/wireshark</tt>' and '<tt>/usr/sbin/tcpdump</tt>' commands on machine '<tt>barjatiya</tt>' without supplying password as root user. | ||
Please note that by default sudo requires tty. Hence running sudo commands from services such as MySQL, apache, nagios, etc. which do not have tty may not work. To change this default behavior comment 'Defaults Requiretty' in /etc/sudoers using visudo. | |||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Sudo configuration]] > [[Understanding sudo configuration syntax|Sudo configuration syntax]] | |||
Latest revision as of 13:38, 14 July 2022
Home > CentOS > CentOS 6.x > Sudo configuration > Sudo configuration syntax
Lines in sudo configuration use following format:
<username> or %<group> <machine> = [(<user>)] [NOPASSWD] :<command1> [, <command2> ...]
Note that group is indicated using %sign.
For example:
saurabh barjatiya = (root) NOPASSWD: /usr/sbin/wireshark, /usr/sbin/tcpdump
will allow user 'saurabh' to run '/usr/sbin/wireshark' and '/usr/sbin/tcpdump' commands on machine 'barjatiya' without supplying password as root user.
Please note that by default sudo requires tty. Hence running sudo commands from services such as MySQL, apache, nagios, etc. which do not have tty may not work. To change this default behavior comment 'Defaults Requiretty' in /etc/sudoers using visudo.
Home > CentOS > CentOS 6.x > Sudo configuration > Sudo configuration syntax
