Sudo allows users to run applications and scripts with the security privileges of another user.
Before allowing someone to elevate their security context for a specific application or script, you need to figure out which user or group you wish to elevate from and to, which applications/scripts you use, and on which systems to run them.
The default syntax for a sudo entry is the following:
    who where = (as_whom) what
These five simple steps will guide you through setting up privilege escalation:

1. Create a sudoers definition file in /etc/sudoers.d/ called clustering through the following command:

    ~]# visudo -f /etc/sudoers.d/clustering

2. Define the command alias CLUSTERING by executing the following:

    Cmnd_Alias CLUSTERING = /sbin/ccs, /sbin/clustat, /sbin/clusvcadm

3. Define the host alias CLUSTERS, as follows:

    Host_Alias CLUSTERS = cluster1, cluster2

4. Define the user alias CLUSTERADMINS by executing the following:

    User_Alias CLUSTERADMINS = spalpatine, dvader, okenobi, qjinn

5. Allow CLUSTERADMINS to execute commands from CLUSTERING on all servers within the CLUSTERS group, as follows:

    CLUSTERADMINS CLUSTERS = (root) CLUSTERING
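To review what the finished drop-in actually grants, the following added example (not part of the original page) parses the four lines from the steps above, expands the aliases, and answers whether a given user may run a given command on a given host. It assumes only the alias and rule forms shown here, not the full sudoers grammar, and the function names are hypothetical.

```python
import re

# Constructed sample: the drop-in assembled from the steps above.
SUDOERS = """\
Cmnd_Alias CLUSTERING = /sbin/ccs, /sbin/clustat, /sbin/clusvcadm
Host_Alias CLUSTERS = cluster1, cluster2
User_Alias CLUSTERADMINS = spalpatine, dvader, okenobi, qjinn
CLUSTERADMINS CLUSTERS = (root) CLUSTERING
"""

ALIAS = re.compile(r"^(Cmnd|Host|User|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
# who where = (as_whom) what
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*(.+)$")


def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]


def parse(text):
    """Return (aliases, rules) for the subset of sudoers syntax used here."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS.match(line)
        if m:
            # Simplification: aliases are keyed by name only, not by type.
            aliases[m.group(2)] = split_list(m.group(3))
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported sudoers line: {raw!r}")
        rules.append(tuple(split_list(g) for g in m.groups()))
    return aliases, rules


def expand(names, aliases):
    """Replace alias names with their members (assumes no alias cycles)."""
    out = set()
    for name in names:
        out |= expand(aliases[name], aliases) if name in aliases else {name}
    return out


def allowed(text, user, host, command, runas="root"):
    """True if some rule grants `command` (exact path) to user@host as runas."""
    aliases, rules = parse(text)
    wanted = (user, host, runas, command)
    return any(
        all(w in f or "ALL" in f
            for w, f in zip(wanted, (expand(x, aliases) for x in rule)))
        for rule in rules
    )
```

A check such as `allowed(SUDOERS, "dvader", "cluster1", "/sbin/clustat")` succeeds, while the same user on a host outside CLUSTERS, or asking for a command outside CLUSTERING, is refused.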

To edit the sudoers file, you can either use a text editor and edit /etc/sudoers, or use the visudo tool, which automatically checks your syntax when exiting.
It's always a good idea to leave the original /etc/sudoers file alone and modify the files located in /etc/sudoers.d/. This allows the sudo rpm to update the sudoers file should it be necessary.