Configuring Sudo
To run as root use the su or sudo commands. Avoid using root for any non-administration usage, since the root account makes it easy to create security or data risks. If you frequently use a single user desktop, you may find it convenient to configure sudo so you can use the same password for both root and your regular account. To do this, follow this procedure:
Become the root user using the su command. Enter the password for the root account when prompted.
Run this command, using your user account name in the place of “sampleusername”:
echo ’serveradmin ALL=(ALL) ALL’ >> /etc/sudoers
Note that when sudo prompts you for a password, it expects your user password, not root’s.
Email notification everytime users run “sudo” on Linux
For Redhat, Centos Systems make sure that sendmail is running on the machine and configured to send out emails.
Run
Add the following configuration in /etc/sudoers
visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error.
Defaults mail_always
Defaults mailerpath=/usr/sbin/sendmail
Defaults mailto=”root@serverbuddies.com”
Defaults mailsub=”*** Command run via sudo on %h ***”
Defaults mailerflags=”-t”
The sudo Command
The sudo command offers another approach to giving users administrative access.
When trusted users precede an administrative command with sudo, they are prompted for their own password.
Then, once authenticated and assuming that the command is permitted, the administrative command is executed as if by the root user.
The basic format of the sudo command is as follows:
In the above example, command would be replaced by a command normally reserved for the root user, such as mount.
The sudo command allows for a high degree of flexibility. For instance, only users listed in the /etc/sudoers configuration file are allowed to use the
sudo command and the command is executed in the user’s shell, not a root shell.
Example from /etc/sudoers
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%eeeuser ALL=NOPASSWD: /etc/acpi/eeepc/eeepc-actions.sh, /etc/acpi/eeepc/eeepc-lvds-toggle.sh