Sudo
Instead of using the root user account, unprivileged users can is configured for using administrator permissions on SPECIF IC tasks by using sudo. When sudo is configured, ordinary users has sudo privileges and to use these privileges, they would start the command usin G sudo. So, instead of using commands like Useradd as the root user, you use a ordinary user account and type sudo useradd. This was definitely more secure because you would only be able to act as if you had administrator permissions while running This specific command.
When creating Linux users during the installation process, you can select to grant administrator permissions to that s pecific user. If you select to does so, the user would be able to use all administrator commands using sudo. It is also possible to set the sudo privileges after installation. To the do and a very easy-to-do-a-accomplish a simple two-step procedure:
1. Make the administrative user account member of the group wheel by using Usermod-ag wheel user.
2. Type Visudo and make sure the line%wheel all= (All) are included.
[Email protected] ~]$ useradd test--Normal account Rusky is not authorized to add users-bash:/usr/sbin/useradd:permission Denied[[email protected]~]$ sudo useradd test--use sudo to elevate to administrator permissions failed We trust you have received the usual lecture fromThe local systemadministrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) with great power comes great responsibility. [sudo] password forRusky:rusky isNotinchThe sudoers file. This incident would be reported. [[Email protected]~]$ ID ruskyuid= +(Rusky) gid= +(Rusky) groups= +(Rusky)==========================================processing method: [[email protected]~]$ Su-password:last Login:thu June - Geneva: -: +EDT . fromRhel7.com on pts/4[[Email protected]~]# Usermod-ag Wheel Rusky--execute this command [[email protected]~]# Visudo--# # allows peopleinchgroup wheel to run all commands%wheel all=(All) All[[email protected]~]# Su-ruskylast Login:thu June - Geneva: .: AboutEDT .On pts/4[[Email protected]~]$ Useradd-bash:/usr/sbin/useradd:permission Denied[[email protected]~]$ sudo useradd test--use sudo to add user normal [sudo] password forRusky:
=========================
[[Email protected] ~] #usermod-ag Wheel Rusky Modify the user, add the user Rusky to the additional group wheel group (the system has this group by default)
This Rusky user was created in an installation system, or added to an additional/home/rusky2-m group when a new user was created with the useradd-g root-g wheel-d rusky2 wheel command.
-G,--groups groups new list of supplementary groups
-A,--append append the user to the supplemental GROUPS
=====
[Email protected] ~]# Visudo
# # Sudoers allows particular users to run various commands as
# # The root user, without needing the root password
. ......
# # allows people in group wheel to run all commands
%wheel all= (All) All--Uncomment this line
Linux sudo command