Difference between revisions of "Sudo"
Jump to navigation
Jump to search
↑ https://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password
| Line 15: | Line 15: | ||
== [[Security vulnerabilities]] == | == [[Security vulnerabilities]] == | ||
* [[CVE]]-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8 | * [[CVE]]-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8 | ||
| + | Exploitable if the following configuration is present: | ||
| + | :username hostname = (ALL, !root) path-to-command | ||
== Options == | == Options == | ||
Revision as of 10:57, 9 February 2020
sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user.
- Add user to sudo group:
sudo usermod -aG sudo YOUR_USERNAME
Task
- Allow user YOUR_USER_NAME to run sudo commands without typing the password:
Include in /etc/sudoers, using the visudo command, the following line at the end of the file:
YOUR_USER_NAME ALL=(ALL) NOPASSWD:ALL[1]
- Understand order rules are applied and impact: https://vim.fandom.com/wiki/Set_Vim_as_your_default_editor_for_Unix
- Use Ansible to modify file for passwordless sudo execution in Ubuntu
Security vulnerabilities
- CVE-2019-14287 https://nvd.nist.gov/vuln/detail/CVE-2019-14287, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287. CVSS Base Score: 8.8
Exploitable if the following configuration is present:
- username hostname = (ALL, !root) path-to-command
Options
-S, --stdin
See also
sudo,id,visudo,useradd,userdel,usermod,groups,passwd,chown,chmod,chgrp,groupadd,groupdel, Passwordless sudo, passwd (package),sudo --help- journalctl
Advertising:
