

Monday, May 31, 2010

Configure Basic SUDO privileges.

sudo allows a permitted user to execute a command as the superuser or as another user, as specified in the sudoers file.

The main configuration file is /etc/sudoers

My Lab
Non root user "test"
password "123456"

cat /etc/passwd |grep test
test:x:503:504::/home/test:/bin/bash

Here I'll enable sudo privileges for the "test" user.
You need to edit the sudoers file using a special command,
1 [root@redhat ~]# visudo

2 Find the entry called,
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

After the root entry add a line for your user name, like this
test redhat=(ALL) ALL

Save and quit.

Note :- redhat means your hostname

Note :- You can edit this file using vi (like "vi /etc/sudoers"), but if you make a misconfiguration it won't warn you. If you use "visudo" instead, it checks the file when you close it and shows you any error.
Example: I put my entry like this "test redhat=(ALL) AL". Then it gave me an error message like this,

Warning: undeclared Cmnd_Alias `AL' referenced near line 72

So it is easy to see where you need to fix the file.

OK, now we have configured sudo privileges for the "test" user.

3 Log in as the test user
[root@redhat ~]# su test
[test@redhat root]$

Now we try to read the /var/log/messages log file as this user
[test@redhat root]$ tail /var/log/messages
tail: cannot open `/var/log/messages' for reading: Permission denied

It says permission denied.

4 Then use sudo privileges and try again
[test@redhat root]$ sudo tail /var/log/messages

It will give you this kind of security warning message.

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:

5 Type the password for user test. In my case 123456

Then it will show the messages log as follows,
May 31 06:34:32 redhat smartd[2321]: smartd has fork()ed into background mode. New PID=2321.
May 31 06:34:32 redhat init: open(/dev/pts/0): No such file or directory
May 31 06:34:33 redhat pcscd: winscard.c:219:SCardConnect() Reader E-Gate 0 0 Not Found
May 31 06:34:33 redhat last message repeated 3 times

Now we have enabled basic sudo privileges for user test.

If you are not a sudo user,
I added a user called test2, and test2 is not a sudo user.

[test2@redhat root]$ sudo tail /var/log/messages

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:
test2 is not in the sudoers file. This incident will be reported.

Even if test2 provides his password it gives an error like this, saying test2 is not included in the sudoers file.

You can find this incident under /var/log/secure

[root@redhat ~]# tail /var/log/secure

May 31 06:55:39 rhce sudo: test2 : user NOT in sudoers ; TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
May 31 06:56:56 rhce su: pam_unix(su:session): session closed for user test2

As you can see above, test2 does not have sudo privileges and this incident has already been recorded in the secure log file.
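The two checks the post relies on, the visudo syntax check and the "user NOT in sudoers" entries in /var/log/secure, as an added shell example (not from the original post). The log lines inside it are constructed samples modelled on the output above, and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure lines, modelled on the post's output.
SAMPLE_SECURE_LOG='May 31 06:55:39 rhce sudo: test2 : user NOT in sudoers ; TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
May 31 06:56:10 rhce sudo:  test : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
May 31 06:56:56 rhce su: pam_unix(su:session): session closed for user test2
May 31 06:57:02 rhce sudo: test2 : user NOT in sudoers ; TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages'

# Syntax-check a candidate sudoers file WITHOUT installing it.
# "visudo -c -f FILE" parses FILE and prints diagnostics such as the
# "undeclared Cmnd_Alias `AL'" warning shown in the post; exit status is
# non-zero on error, so this can gate a config push or a cron job.
check_sudoers_file() {
    visudo -c -f "$1"
}

# Read log text on stdin and print "user<TAB>command" for every sudo
# denial, i.e. every line sudo logged with "user NOT in sudoers".
# Field 6 is the user name that follows "sudo:"; the COMMAND= value is
# always the last item on the line, so everything before it is stripped.
sudo_denials() {
    awk '/ sudo: / && /user NOT in sudoers/ {
        user = $6
        sub(/.*COMMAND=/, "", $0)
        print user "\t" $0
    }'
}

# Summarise denials as "user=count", one per line (input on stdin).
# Repeated denials from one account are the thing worth looking at.
sudo_denial_counts() {
    sudo_denials | cut -f1 | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Number of denial lines in the text on stdin.
sudo_denial_total() {
    sudo_denials | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SECURE_LOG" | sudo_denials
printf '%s\n' "$SAMPLE_SECURE_LOG" | sudo_denial_counts
```

On a live box, feed the real file instead of the sample with `sudo_denials < /var/log/secure`; the successful "test" line is deliberately not matched, because it carries no "NOT in sudoers" marker.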
