This option does not require a password and was added to allow a user to revoke sudo permissions from a. The next time sudo is run a password will be required. The -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the epoch. This extends the sudo timeout for another 5 minutes (or whatever the timeout is set to in sudoers) but does not run a command. If given the -v (validate) option, sudo updates the user's timestamp, prompting for the user's password if necessary. The -h (help) option causes sudo to print a usage message and exit. This option is useful in conjunction with grep. The -L (list defaults) option lists out the parameters set in a Defaults line with a short description for each. The -l (list) option prints out the commands allowed (and forbidden) the user on the current host. If the invoking user is already root, the -V option prints out a list of the defaults sudo was compiled with and the machine's local network addresses. The -V (version) option causes sudo to print the version number and exit. To edit the sudoers file, use the visudo command. By default, sudo will log to syslog but this can be changed at configure time or in the sudoers file. Sudo can log both successful and unsuccessful attempts (and errors) to syslog, a unique log file, or both. Note that the mail isn't sent if an unauthorized user tries to run sudo with the -l or -v flags this allows users to determine for themselves whether or not they are allowed to use sudo. The default authority to be notified of unsuccessful sudo attempts is root. If a user not listed in sudoers tries to run a command using sudo, it is considered an unsuccessful attempt to breach system security and mail is sent to the proper authorities, as defined at configure time or in the sudoers file. This timestamp can be renewed if the user issues sudo with the -v flag. Once a user is authenticated, a timestamp is recorded and the user may use sudo without a password for a short time ( 5 minutes, unless configured differently in sudoers). By default, this is the user's password, not the root password itself. The real and effective uid and gid of the issuing user are then set to match those of the target user account as specified in the passwd file.īy default, sudo requires that users authenticate themselves with a password. Sudo allows a permitted user to execute a command as another user, according to specifications in the /etc/sudoers file.
0 Comments
Leave a Reply. |