File Operation & Sudo Operations

Add the Linux groups to your server:

[[email protected] tmp]# groupadd parents
[[email protected] tmp]# groupadd children
[[email protected] tmp]# groupadd soho

Add the Linux users and assign them to their respective groups

[email protected] tmp]# useradd -g parents ram
[[email protected] tmp]# useradd -g parents jagmohan
[[email protected] tmp]# useradd -g children ramesh
[[email protected] tmp]# useradd -g children hema
[[email protected] tmp]# useradd -g soho accounts
[[email protected] tmp]# useradd -g soho sales

User root changing the password for user ram

[[email protected] root]# passwd ram
Changing password for user ram.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] root]#

Delete Users

userdel ram

There is also an optional -r switch that additionally removes all the contents of the user’s home directory.

# userdel -r ram

How to Tell the Groups to Which a User Belongs

[[email protected] root]# groups ram
ram : parents
[[email protected] root]#

How to Change the Ownership of a File

[[email protected] tmp]# ll test.txt
-rw-r–r–  1 root root 0 Nov 17 22:14 test.txt
[[email protected] tmp]# chown testuser:users test.txt

[[email protected] tmp]# ll test.txt
-rw-r–r–  1 testuser users 0 Nov 17 22:14 test.txt

[[email protected] tmp]#

SUDO Operation

Temporarily Gaining root Privileges

[[email protected] bob]$ more /etc/sudoers
/etc/sudoers: Permission denied

[[email protected] bob]$

Bob tries again using sudo and his regular user password and is successful:

[[email protected] bob]$ sudo more /etc/sudoers
Password:


[[email protected] bob]$

Becoming root for a Complete Login Session

The su command allows a regular user to become the system’s root user if they know the root password. A user with sudo rights to use the su command can become root, but they only need to know their own password, not that of root as seen here.

[email protected]:~$ sudo su –
Password:
[email protected]:~#

The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work.

Granting All Access to Specific Users

You can grant users bob and bunny full access to all privileged commands, with this sudoers entry.

bob, bunny  ALL=(ALL) ALL

This is generally not a good idea because this allows bob and bunny to use the su command to grant themselves permanent root privileges thereby bypassing the command logging features of sudo. The example on using aliases in the sudoers file shows how to eliminate this prob

Granting Access To Specific Users To Specific Files

This entry allows user peter and all the members of the group operator to gain access to all the program files in the /sbin and /usr/sbin directories, plus the privilege of running the command /usr/local/apps/check.pl. Notice how the trailing slash (/) is required to specify a directory location:

peter, %operator ALL= /sbin/, /usr/sbin, /usr/local/apps/check.pl

Granting Access to Specific Files as Another User

The sudo -u entry allows allows you to execute a command as if you were another user, but first you have to be granted this privilege in the sudoers file.

This feature can be convenient for programmers who sometimes need to kill processes related to projects they are working on. For example, programmer peter is on the team developing a financial package that runs a program called monthend as user accounts. From time to time the application fails, requiring “peter” to stop it with the /bin/kill, /usr/bin/kill or /usr/bin/pkill commands but only as user “accounts”. The sudoers entry would look like this:

peter ALL=(accounts) /bin/kill, /usr/bin/kill, /usr/bin/pkill
User peter is allowed to stop the monthend process with this command:

[[email protected] peter]# sudo -u accounts pkill monthend

Granting Access Without Needing Passwords

This example allows all users in the group operator to execute all the commands in the /sbin directory without the need for entering a password. This has the added advantage of being more convenient to the user:

%operator ALL= NOPASSWD: /sbin/

To create a Tar file
tar -czf archive.tar.gz *.txt

To list files in a compressed Tar file
tar -tzf archive.tar.gz.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.