brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
31abeb7085ceb0a470ba679b35588c13d82f161b
oam/knowledge base/sudo.md
Michele Cereda d057f2210d Improved local shell snippet rendering
2022-05-15 00:24:53 +02:00

85 lines
2.0 KiB
Markdown
Raw Blame History

# Sudo
> Avoid modifying the `sudoers` files manually and execute `visudo` instead; it will check the syntax on save, preventing you from screwing up the file.
## TL;DR
```sh
# Make changes to a sudoers file.
visudo
visudo -f path/to/file
# Check the syntax of a sudoers file.
visudo -c path/to/file
```
## Drop privileges
```sh
# Invalidate the user's cached credentials.
sudo -k
# Ignore the user's cached credentials for the given command only.
sudo -k ls
```
## Restrict permissions a little
```sh
# file /etc/sudoers.d/user
Cmnd_Alias UPGRADE_CMND = /usr/bin/apt update, /usr/bin/apt list --upgradable, /usr/bin/apt upgrade
Cmnd_Alias SHUTDOWN_CMND = /sbin/shutdown
user ALL=(ALL:ALL) NOPASSWD: SHUTDOWN_CMND, UPGRADE_CMND
```
## Avoid providing a password
```sh
# file /etc/sudoers.d/user
user ALL=(ALL:ALL) NOPASSWD: ALL
```
## Execute commands as a specific user
Invoke a login shell using the `-i, --login` option. When one does not specify a command a login shell prompt is returned, otherwise the output of the command is returned:
```sh
% whoami
root
% sudo -i -u user
$ whoami
user
% sudo -i -u user whoami
user
```
## Troubleshooting
### I modified a sudoers file manually, messed it up, and now I cannot use sudo anymore
Should you see something similar to this when using `sudo`:
```sh
$ sudo visudo
>>> /etc/sudoers: syntax error near line 28 <<<
sudo: parse error in /etc/sudoers near line 28
sudo: no valid sudoers sources found, quitting
```
try using another access method like `PolicyKit` and fix the file up:
```sh
pkexec visudo -f /etc/sudoers.d/user
```
## Sources
- [How to modify an invalid sudoers file]
- [sudo as another user with their environment]
- [sudo: Drop root privileges]
[how to modify an invalid sudoers file]: https://askubuntu.com/questions/73864/how-to-modify-an-invalid-etc-sudoers-file
[sudo as another user with their environment]: https://unix.stackexchange.com/questions/176997/sudo-as-another-user-with-their-environment
[sudo: drop root privileges]: https://coderwall.com/p/x2oica/sudo-drop-root-privileges
Reference in New Issue View Git Blame Copy Permalink