Hackonology Forums
Advance settings for sudo users - Printable Version




Advance settings for sudo users - SysAdmin - 08-27-2020

##To add Time Stamp for sudo
vim /etc/sudoers
>Defaults timestamp_timeout=0
After implementing this, you need to give your password every time you work with sudo (time in minutes)

##Never Ask for a Password
vim /etc/sudoers
>username ALL=(ALL) NOPASSWD: ALL (For a specific user)
or
>%sudo ALL=(ALL:ALL) NOPASSWD:ALL (for all users who have sudo privileges)
or
>username ALL=(ALL) NOPASSWD: /usr/bin/apt-get,/sbin/shutdown (To allow a specific command)

##To allow a user to run a specific command only
vim /etc/sudoers
>user ALL=/usr/bin/apt-get,/sbin/shutdown
The following command will tell us what commands the user can run with sudo:
>sudo -U standarduser -l

##To allow a user a specific command
john ALL=(root) /bin/systemctl restart NetworkManager
john ALL=(ALL) /bin/systemctl restart apache2

##To block a specific command
john ALL=(ALL) !/bin/systemctl restart apache2

##To allow a user to run multiple commands
john ALL=(ALL) /path/to/command1, /path/to/command2, /path/to/command3

##To find the path of a command
which command1

##To run a specific command with no password
john ALL=(ALL) NOPASSWD: /bin/systemctl restart NetworkManager

##To block a specific command for a standard user
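vim /home/tom/.bashrc
# Functions that shadow mkdir when it is called as /bin/mkdir, mkdir or ./mkdir
/bin/mkdir() {
        echo "mkdir command not allowed for you"
}

mkdir() {
        echo "mkdir command not allowed for you"
}

./mkdir() {
        echo "mkdir command not allowed for you"
}

# Mark the functions read-only so they cannot be redefined in this shell
readonly -f /bin/mkdir
readonly -f mkdir
readonly -f ./mkdir

# Run as root after saving: set the immutable flag so the file cannot be modified
chattr +i /home/tom/.bashrc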
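
An added example, not part of the original post: a small Python reviewer that reads sudoers-style entries like the ones above and lists the ones an administrator should double-check (passwordless grants, `!` negations, a negative `timestamp_timeout`). The rule names, the `audit` function and the simplified line grammar are assumptions made for this sketch; it does not handle aliases, escaped commas or include directives.

```python
import re
# Constructed sample: the sudoers entries quoted in the post, without its annotations.
SAMPLE = """\
Defaults timestamp_timeout=0
username ALL=(ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
username ALL=(ALL) NOPASSWD: /usr/bin/apt-get,/sbin/shutdown
user ALL=/usr/bin/apt-get,/sbin/shutdown
john ALL=(root) /bin/systemctl restart NetworkManager
john ALL=(ALL) !/bin/systemctl restart apache2
john ALL=(ALL) NOPASSWD: /bin/systemctl restart NetworkManager
"""
# who host = (runas) commands  -- simplified user specification (assumption)
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit(text):
    """Return (line_no, rule, detail) tuples for entries that deserve a review."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            m = re.search(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
            if m and float(m.group(1)) < 0:  # negative: cached credentials never expire
                findings.append((no, "TIMEOUT_NEVER", line))
            continue
        m = SPEC.match(line)
        if not m:
            findings.append((no, "UNPARSED", line))
            continue
        who, _host, _runas, cmds = m.groups()
        nopasswd = False  # a tag stays in effect for the following commands in the list
        for item in cmds.split(","):  # simplification: escaped commas are not handled
            item = item.strip()
            while (t := TAG.match(item)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if item.startswith("!"):  # see the caution on '!' in sudoers(5)
                findings.append((no, "NEGATION", f"{who}: {item}"))
            elif item == "ALL" and nopasswd:
                findings.append((no, "NOPASSWD_ALL", f"{who}: any command, no password"))
            elif nopasswd:
                findings.append((no, "NOPASSWD_CMD", f"{who}: {item}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

This only reviews policy; syntax is still checked with `visudo -c` before a changed sudoers file goes live.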