Difference between revisions of "Sudo"

From wikieduonline
Jump to navigation Jump to search
 
(28 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<code>[[wikipedia:sudo|sudo]]</code> is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.
+
{{lowercase}}
 +
<code>[[wikipedia:sudo|sudo]]</code> (1980s) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.
 +
* Man page: https://man7.org/linux/man-pages/man8/sudo.8.html
  
* Add user to sudo group: <code>sudo [[usermod]] '''-a'''G sudo YOUR_USERNAME</code>
+
== Examples ==
 +
* Add user to sudo [[group]]: <code>sudo [[usermod]] '''-a'''G sudo YOUR_USERNAME</code>
 +
* <code>[[sudo -u postgres psql]]</code>
  
 
== Task ==
 
== Task ==
 
* Allow user YOUR_USER_NAME to run sudo commands without typing the password:  
 
* Allow user YOUR_USER_NAME to run sudo commands without typing the password:  
Include in <code>/etc/sudoers</code>, using the <code>visudo</code> command, the following line at the end of the file:
+
Include in <code>[[/etc/sudoers]]</code>, using the <code>visudo</code> command, the following line at the end of the file:
  
 
<code>YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL</code><ref>https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password</ref>
 
<code>YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL</code><ref>https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password</ref>
Line 12: Line 16:
  
 
* Use [[Ansible]] to modify file for [[passwordless sudo]] execution in [[Ubuntu]]
 
* Use [[Ansible]] to modify file for [[passwordless sudo]] execution in [[Ubuntu]]
 +
 +
== [[Security vulnerabilities]] ==
 +
* [[CVE]]-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8
 +
Exploitable if the following configuration is present:
 +
:<code>username hostname = (ALL, !root) path-to-command</code>
 +
 +
== Errors ==
 +
sudo: unable to resolve host
 +
See: <code>[[resolv.conf]]</code>
 +
 +
[sudo] password for USERNAME:
 +
USERNAME is not in the sudoers file.  This incident will be reported.
 +
 +
== Options ==
 +
* <code>-S, --[[stdin]]</code>
 +
* <code>[[-u]]</code>
 +
 +
== Related terms ==
 +
* [[Qualys]]
 +
* <code>[[sudoedit]]</code>
 +
* <code>[[become_method]]</code>
 +
* <code>[[SET SESSION AUTHORIZATION]]</code>
 +
* [[gosu]]
 +
* [[kubectl]] [[--as]]
  
 
== See also ==
 
== See also ==
 
* {{Linux Commands privileges}}
 
* {{Linux Commands privileges}}
 
+
* [[journalctl]], [[machinectl]]
 +
* {{become}}
  
 
[[Category:Linux]]
 
[[Category:Linux]]
 
[[Category:Linux commands]]
 
[[Category:Linux commands]]

Latest revision as of 09:26, 2 November 2023

sudo (1980s) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.

Examples[edit]

Task[edit]

  • Allow user YOUR_USER_NAME to run sudo commands without typing the password:

Include in /etc/sudoers, using the visudo command, the following line at the end of the file:

YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL[1]

Security vulnerabilities[edit]

Exploitable if the following configuration is present:

username hostname = (ALL, !root) path-to-command

Errors[edit]

sudo: unable to resolve host
See: resolv.conf
[sudo] password for USERNAME:
USERNAME is not in the sudoers file.  This incident will be reported.

Options[edit]

Related terms[edit]

See also[edit]

  • https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password
  • Advertising: