Difference between revisions of "Sudo"
↑ https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password
(→Task) |
|||
(28 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | <code>[[wikipedia:sudo|sudo]]</code> is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user. | + | {{lowercase}} |
+ | <code>[[wikipedia:sudo|sudo]]</code> (1980s) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user. | ||
+ | * Man page: https://man7.org/linux/man-pages/man8/sudo.8.html | ||
− | * Add user to sudo group: <code>sudo [[usermod]] '''-a'''G sudo YOUR_USERNAME</code> | + | == Examples == |
+ | * Add user to sudo [[group]]: <code>sudo [[usermod]] '''-a'''G sudo YOUR_USERNAME</code> | ||
+ | * <code>[[sudo -u postgres psql]]</code> | ||
== Task == | == Task == | ||
* Allow user YOUR_USER_NAME to run sudo commands without typing the password: | * Allow user YOUR_USER_NAME to run sudo commands without typing the password: | ||
− | Include in <code>/etc/sudoers</code>, using the <code>visudo</code> command, the following line at the end of the file: | + | Include in <code>[[/etc/sudoers]]</code>, using the <code>visudo</code> command, the following line at the end of the file: |
<code>YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL</code><ref>https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password</ref> | <code>YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL</code><ref>https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password</ref> | ||
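Review bot: in the new Examples list, "sudo -u postgres psql" is added as a bare link with no description, unlike the usermod item next to it; add a short label such as "Run psql as the postgres user:" so the entry says what it demonstrates. The "(1980s)" inserted after the name in the first sentence is also ambiguous; state what the date refers to.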
Line 12: | Line 16: | ||
* Use [[Ansible]] to modify file for [[passwordless sudo]] execution in [[Ubuntu]] | * Use [[Ansible]] to modify file for [[passwordless sudo]] execution in [[Ubuntu]] | ||
+ | |||
+ | == [[Security vulnerabilities]] == | ||
+ | * [[CVE]]-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8 | ||
+ | Exploitable if the following configuration is present: | ||
+ | :<code>username hostname = (ALL, !root) path-to-command</code> | ||
+ | |||
+ | == Errors == | ||
+ | sudo: unable to resolve host | ||
+ | See: <code>[[resolv.conf]]</code> | ||
+ | |||
+ | [sudo] password for USERNAME: | ||
+ | USERNAME is not in the sudoers file. This incident will be reported. | ||
+ | |||
+ | == Options == | ||
+ | * <code>-S, --[[stdin]]</code> | ||
+ | * <code>[[-u]]</code> | ||
+ | |||
+ | == Related terms == | ||
+ | * [[Qualys]] | ||
+ | * <code>[[sudoedit]]</code> | ||
+ | * <code>[[become_method]]</code> | ||
+ | * <code>[[SET SESSION AUTHORIZATION]]</code> | ||
+ | * [[gosu]] | ||
+ | * [[kubectl]] [[--as]] | ||
== See also == | == See also == | ||
* {{Linux Commands privileges}} | * {{Linux Commands privileges}} | ||
− | + | * [[journalctl]], [[machinectl]] | |
+ | * {{become}} | ||
[[Category:Linux]] | [[Category:Linux]] | ||
[[Category:Linux commands]] | [[Category:Linux commands]] |
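Review bot: the CVE-2019-14287 entry in the new Security vulnerabilities section gives the triggering Runas configuration and the CVSS score but no affected or fixed sudo version and no remediation, so a reader cannot tell whether their system is exposed; add the fixed release and a line on what to change in sudoers. The new Options section lists -S and -u without saying what either does, and the second entry under Errors has no "See:" pointer like the first.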
Latest revision as of 09:26, 2 November 2023
sudo (1980s) is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.
Examples
- Add user to sudo group: sudo usermod -aG sudo YOUR_USERNAME
- sudo -u postgres psql
Task
- Allow user YOUR_USER_NAME to run sudo commands without typing the password:
Include in /etc/sudoers, using the visudo command, the following line at the end of the file:
YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL [1]
- Understand the order in which rules are applied and its impact: https://vim.fandom.com/wiki/Set_Vim_as_your_default_editor_for_Unix
- Use Ansible to modify file for passwordless sudo execution in Ubuntu
Security vulnerabilities
- CVE-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8
Exploitable if the following configuration is present:
username hostname = (ALL, !root) path-to-command
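An added example, not part of the original wiki page: a shell function that audits a sudoers-format file for the two entries this page describes, the (ALL, !root) Runas list given as the precondition for CVE-2019-14287 and the blanket NOPASSWD:ALL rule from the Task section. The function names, finding labels and sample users are assumptions made for illustration; also matching !#0 (root by numeric uid) goes slightly beyond the pattern shown on the page.

```shell
#!/bin/sh
# Added example (not from the wiki page): flag two sudoers entries the page discusses.
# Usage: audit_sudoers FILE   -> prints "LINE:FINDING:RULE" for each hit.
audit_sudoers() {
    awk '
    # Join backslash-continued lines so a split rule is checked as a whole.
    /\\$/ { if (buf == "") start = NR; sub(/\\$/, ""); buf = buf $0; next }
    {
        line = buf $0; first = (buf == "") ? NR : start; buf = ""
        # Skip blank lines and comments (a "#" followed by a digit is a uid, not a comment).
        if (line ~ /^[ \t]*$/ || line ~ /^[ \t]*#([^0-9]|$)/) next
        # Precondition the page lists for CVE-2019-14287: a Runas list that
        # grants ALL and then excludes root, e.g. (ALL, !root).
        rest = line; hit = 0
        while (!hit && match(rest, /\([^)]*\)/)) {
            runas = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            if (runas ~ /[(, \t]ALL[ \t,:)]/ && runas ~ /![ \t]*(root|#0)[ \t,:)]/) hit = 1
        }
        if (hit) print first ":runas-all-except-root:" line
        # Blanket passwordless rule from the Task section.
        if (line ~ /NOPASSWD[ \t]*:[ \t]*ALL([ \t,]|$)/) print first ":nopasswd-all:" line
    }' "$1"
}

# Constructed sample policy; alice, bob, carol, dave and host1 are made-up names.
sample_sudoers() {
    cat <<'EOF'
# (ALL, !root) mentioned in a comment must not be flagged
alice host1 = (ALL, !root) /usr/bin/vi
bob ALL=(ALL) NOPASSWD:ALL
carol ALL=(postgres) /usr/bin/psql
dave ALL = (ALL, \
    !root) NOPASSWD: /usr/bin/id
EOF
}

# When a file is given on the command line, audit it.
if [ -n "${1:-}" ]; then audit_sudoers "$1"; fi
```

Run it as root against /etc/sudoers and each file under /etc/sudoers.d, since the script does not follow include directives.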
Errors
sudo: unable to resolve host
See: resolv.conf
[sudo] password for USERNAME:
USERNAME is not in the sudoers file. This incident will be reported.
Options
Related terms
See also
- sudo, id, visudo, useradd, userdel, usermod, groups, passwd, chown, chmod, chgrp, groupadd, groupdel, Passwordless sudo, passwd (package), sudo --help
- journalctl, machinectl
- sudo, doas, Polkit (pkexec)