이 콘텐츠는 선택한 언어로 제공되지 않습니다.
4.2. The sudo Command
The
sudo
command offers another approach to giving users administrative access. When trusted users precede an administrative command with sudo
, they are prompted for their own password. Then, when they have been authenticated and assuming that the command is permitted, the administrative command is executed as if they were the root user.
The basic format of the
sudo
command is as follows:
sudo
<command>
In the above example, <command> would be replaced by a command normally reserved for the root user, such as
mount
.
The
sudo
command allows for a high degree of flexibility. For instance, only users listed in the /etc/sudoers
configuration file are allowed to use the sudo
command and the command is executed in the user's shell, not a root shell. This means the root shell can be completely disabled as shown in the Red Hat Enterprise Linux 6 Security Guide.
Each successful authentication using the
sudo
is logged to the file /var/log/messages
and the command issued along with the issuer's user name is logged to the file /var/log/secure
. Should you require additional logging, use the pam_tty_audit
module to enable TTY auditing for specified users by adding the following line to your /etc/pam.d/system-auth
file:
session required pam_tty_audit.so disable=<pattern> enable=<pattern>
where pattern represents a comma-separated listing of users with an optional use of globs. For example, the following configuration will enable TTY auditing for the root user and disable it for all other users:
session required pam_tty_audit.so disable=* enable=root
Another advantage of the
sudo
command is that an administrator can allow different users access to specific commands based on their needs.
Administrators wanting to edit the
sudo
configuration file, /etc/sudoers
, should use the visudo
command.
To give someone full administrative privileges, type
visudo
and add a line similar to the following in the user privilege specification section:
juan ALL=(ALL) ALL
This example states that the user,
juan
, can use sudo
from any host and execute any command.
The example below illustrates the granularity possible when configuring
sudo
:
%users localhost=/sbin/shutdown -h now
This example states that any user can issue the command
/sbin/shutdown -h now
as long as it is issued from the console.
The man page for
sudoers
has a detailed listing of options for this file.
Important
There are several potential risks to keep in mind when using the
sudo
command. You can avoid them by editing the /etc/sudoers
configuration file using visudo
as described above. Leaving the /etc/sudoers
file in its default state gives every user in the wheel
group unlimited root access.
- By default,
sudo
stores the sudoer's password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt the user for a password. This could be exploited by an attacker if the user leaves his workstation unattended and unlocked while still being logged in. This behavior can be changed by adding the following line to the/etc/sudoers
file:Defaults timestamp_timeout=<value>
where <value> is the desired timeout length in minutes. Setting the <value> to 0 causessudo
to require a password every time. - If a sudoer's account is compromised, an attacker can use
sudo
to open a new shell with administrative privileges:sudo /bin/bash
Opening a new shell as root in this or similar fashion gives the attacker administrative access for a theoretically unlimited amount of time, bypassing the timeout period specified in the/etc/sudoers
file and never requiring the attacker to input a password forsudo
again until the newly opened session is closed.