
UNIX System Administration Handbook - Evi Nemeth [35]

which they were invoked. This information can be logged via syslog or placed in the file of your choice. We recommend using syslog to forward the log entries to a “secure” central host.

A log entry for randy executing sudo /bin/cat /etc/sudoers might look like this:

Dec 7 10:57:19 tigger sudo: randy: TTY=ttyp0 ; PWD=/tigger/users/randy ; USER=root ; COMMAND=/bin/cat /etc/sudoers

The sudoers file is designed so that a single version can be used on many different hosts at once. Here’s a typical example:

# Define aliases for machines in CS & Physics departments
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus

# Define collections of commands
Cmnd_Alias DUMP = /usr/sbin/dump, /usr/sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/tcsh, /bin/csh

# Permissions
mark, ed PHYSICS = ALL
herb CS = /usr/local/bin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING

The first five noncomment lines define groups of hosts and commands that are referred to in the permission specifications later in the file. The lists could be included literally in the specs, but the use of aliases makes the sudoers file easier to read and understand; it also makes the file easier to update in the future. It’s also possible to define aliases for sets of users and for sets of users as whom commands may be run.

Each permission specification line includes information about

• The users to whom the line applies

• The hosts on which the line should be heeded

• The commands that the specified users may run

• The users as whom they may be executed

The first permission line applies to the users mark and ed on the machines in the PHYSICS group (eprince, pprince, and icarus). The built-in command alias ALL allows them to run any command. Since no list of users is specified in parentheses, sudo will only run commands as root.

The second permission line allows herb to run tcpdump on CS machines and dump-related commands on PHYSICS machines. However, the dump commands can only be run as operator, not as root. The actual command line that herb would type would be something like

% sudo -u operator /usr/sbin/dump 0u /dev/rsd0a

The user lynda can run commands as any user on any machine, except that she can’t run several common shells. Does this mean that lynda really can’t get a root shell? Of course not:

% cp -p /bin/csh /tmp/csh

% sudo /tmp/csh

Generally speaking, any attempt to allow “all commands except...” is doomed to failure, at least in a technical sense. However, it may still be worthwhile to set up the sudoers file this way as a reminder that root shells are frowned upon. It may discourage casual use.

The final line allows users in the UNIX group wheel to run lpc and lprm as root on all machines except eprince, pprince, and icarus. Furthermore, no password is required to run the commands.
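To make the matching rules above concrete, here is a small evaluator for the sample sudoers file, added here as an example rather than taken from the book or from sudo itself. It implements the semantics the text describes (host and command aliases, the default of running as root, a parenthesised run-as list, ALL, "!" exclusion with the last matching entry winning, NOPASSWD) and reports, for a user, host, command and target user, whether sudo would refuse, ask for a password, or run the command without one; the GROUPS table and the randy-in-wheel membership are assumptions for the demo, and it also shows why lynda's !SHELLS exclusion does not stop a copied shell.

```python
import re
SUDOERS = """
Host_Alias CS = tigger, anchor, piper, moet, sigi
Host_Alias PHYSICS = eprince, pprince, icarus
Cmnd_Alias DUMP = /usr/sbin/dump, /usr/sbin/restore
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHELLS = /bin/sh, /bin/tcsh, /bin/csh
mark, ed PHYSICS = ALL
herb CS = /usr/local/bin/tcpdump : PHYSICS = (operator) DUMP
lynda ALL = (ALL) ALL, !SHELLS
%wheel ALL, !PHYSICS = NOPASSWD: PRINTING
"""  # the sample sudoers file from the text, comment lines dropped (constructed input)
GROUPS = {"randy": {"wheel"}}  # UNIX group membership, assumed for the demo
csv = lambda s: [x.strip() for x in s.split(",")]  # split a sudoers comma list

def parse(text):
    aliases, specs = {}, []  # spec = (users, hosts, runas, nopasswd, cmnds)
    for line in text.strip().splitlines():
        if m := re.match(r"(?:Host|Cmnd|User|Runas)_Alias\s+(\w+)\s*=\s*(.*)", line):
            aliases[m.group(1)] = csv(m.group(2))
            continue
        toks = line.split()  # the user list ends at the first token lacking a comma
        n = next(i for i, t in enumerate(toks) if not t.endswith(","))
        users = csv(" ".join(toks[:n + 1]))
        for spec in re.split(r"\s:\s", " ".join(toks[n + 1:])):  # "hosts = cmnds : ..."
            hosts, rhs = spec.split("=", 1)
            r = re.match(r"\s*(?:\((.*?)\)\s*)?(NOPASSWD:|PASSWD:)?\s*(.*)", rhs)
            specs.append((users, csv(hosts), csv(r.group(1) or "root"),
                          r.group(2) == "NOPASSWD:", csv(r.group(3))))
    return aliases, specs

def expand(name, aliases):  # recursively expand an alias name into its literal members
    return {n for x in aliases.get(name, []) for n in expand(x, aliases)} or {name}

def matches(value, items, aliases):
    ok = False  # sudo list semantics: ALL matches anything, '!' negates, last match wins
    for item in items:
        name = item.lstrip("!")
        if name == "ALL" or value in expand(name, aliases) or \
                (name.startswith("%") and name[1:] in GROUPS.get(value, ())):
            ok = not item.startswith("!")
    return ok

def may_run(user, host, command, runas="root", text=SUDOERS):  # -> deny|password|nopasswd
    aliases, specs = parse(text)
    hits = [nopw for users, hosts, rl, nopw, cmnds in specs  # the last matching spec wins
            if all(matches(v, i, aliases)
                   for v, i in zip((user, host, runas, command), (users, hosts, rl, cmnds)))]
    return "deny" if not hits else "nopasswd" if hits[-1] else "password"
```

Asking may_run("lynda", "tigger", "/bin/csh") yields "deny" while may_run("lynda", "tigger", "/tmp/csh") yields "password", which is exactly the gap the text points out: the exclusion list names paths, not programs.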

Note that commands in /etc/sudoers are specified with full pathnames to prevent people from executing their own programs and scripts as root. Though no examples are shown above, it is possible to specify the arguments that are permissible for each command as well. In fact, this simple configuration only scratches the surface of the beauty and splendor that is the sudoers file.

To modify /etc/sudoers, you use the visudo command, which checks to be sure no one else is editing the file, invokes an editor on it, and then verifies the syntax of the edited file before installing it. This last step is particularly important because an invalid sudoers file might prevent you from sudoing again to fix it.

The use of sudo has the following advantages:

• Accountability is much improved because of command logging.

• Operators can do chores without unlimited root privileges.

• The real root password can be known to only one or two people.

• It’s faster to use sudo than to run su or to log in as root.

• Privileges can be revoked without the need to change the root
