Setup

Tom McGivern t.mcgivern at iname.com
Thu May 18 18:45:56 EDT 2000


If a user currently uses "su" to get root access, let's say they need to
"su - oracle", but nobody keeps the oracle login password, because they
all come through as root...

The user would then need to "sudo su - oracle"

Which means
1) sudo must be in their path
2) sudoers must have them authorized for such command. (more in a
minute)
3) you need to educate them to prefix their commands with sudo, and take
root password away.

If you don't take the root password away, then it's all on the honor
system.

Now, sudoers file... where does it live.. that varies by
implementation... but the "visudo" command should be able to find it.
Within this file (sudoers), it maintains who can do what as whom (it's
not always root that you want to do things as).

A very simple setup: (and by default I think you see "root ALL=(ALL) ALL")

This says root, on all systems(that have this version of the file), can
issue all commands as all users.
For system admins that I permit to get to root, but ask them to use
their own ids where possible (and root can only be gotten to via the
console), I have created the following entry:  (my id is tcm8311, matt's
is mww5423)
tcm8311 ALL=(ALL) ALL
mww5423 ALL=(ALL) ALL

This says we can do anything (technically I use user aliases, but that's
beyond the scope of this note).

For Sally, who needs to "su - oracle", try the following:
# sudoers needs the full path to the command; su may be in /bin or /usr/bin
Sally ALL=(root) /usr/bin/su - oracle

That's ALL she can do.. she can't shut down the system, she can't "rm -fr
/etc" she can "sudo su - oracle" THAT'S IT!

and the possibilities grow from there...


Ed Zoeller wrote:

> I have downloaded and setup sudo, but how do I set it up for use?
> Where do I add it, how does it get invoked by the users,
> etc.......
>
> Ed Zoeller
> Sr. System Administrator
> U-Access
> 640 North LaSalle Street
> Suite 400
> Chicago, IL 60610
> 312.602.6500
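
The entries discussed in the message above, collected into one sudoers fragment as an added example (not part of the original post and not taken from the sudo distribution). The user names come from the message; the alias name ADMINS, the path /usr/bin/su and the second Sally rule are assumptions made for illustration.

```sudoers
# Constructed example. Edit only through "visudo", which locks the file
# and refuses to save a version that does not parse.

# Default entry: root, on all hosts, may run all commands as all users.
root    ALL=(ALL) ALL

# Admins who may run anything as anyone, from their own ids.
# ADMINS is a hypothetical alias name; alias names must be upper case.
User_Alias ADMINS = tcm8311, mww5423
ADMINS  ALL=(ALL) ALL

# Rule form 1 (the approach in the message): Sally may run exactly one
# command as root. Commands must be given as absolute paths, and because
# arguments are listed, only "su - oracle" matches; "su -" or "su - root"
# is refused. /usr/bin/su is an assumption; check with "command -v su".
Sally   ALL=(root) /usr/bin/su - oracle

# Rule form 2 (an alternative, not from the message): use the run-as field
# so that nothing Sally does ever executes as root. She works as oracle
# with "sudo -u oracle <command>" or "sudo -i -u oracle" for a login shell.
Sally   ALL=(oracle) ALL

# After saving, as root:
#   visudo -c          check the syntax of the installed file
#   sudo -l -U Sally   list what Sally is allowed to run, and as whom
```

Form 1 and form 2 can coexist, but keeping only one makes the `sudo -l` output easier to audit. Either way the restriction only holds once the root password is no longer shared, as the message points out.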




