Advance settings for sudo users - Printable Version +- Hackonology Forums (https://hackonology.com/forum) +-- Forum: Technology & Configuration (https://hackonology.com/forum/forumdisplay.php?fid=3) +--- Forum: Configuration Scripts (https://hackonology.com/forum/forumdisplay.php?fid=6) +--- Thread: Advance settings for sudo users (/showthread.php?tid=27) |
Advance settings for sudo users - SysAdmin - 08-27-2020 ##To add Time Stamp for sudo vim /etc/sudoers >Defaults timestamp_timeout=0 After Implementing this you need to give your password every time while working with sudo (Time in Minute) ##Never Ask for a Password vim /etc/sudoers >username ALL=(ALL) NOPASSWD: ALL (For a specific user) or >%sudo ALL=(ALL:ALL) NOPASSWD:ALL (for all user which have sudo privileges) or >username ALL=(ALL) NOPASSWD: /usr/bin/apt-get,/sbin/shutdown (To allow a specific command) ##To allow a user to run a specific command only vim /etc/sudoers >user ALL=/usr/bin/apt-get,/sbin/shutdown The following command will tell us what commands the user can run with sudo: >sudo -U standarduser –l ##To allow user a specific command john ALL=(root) /bin/systemctl restart NetworkManager john ALL=(ALL) /bin/systemctl restart apache2 ##To block a specific command john ALL=(ALL) !/bin/systemctl restart apache2 ##To allow a user to run multiple commands john ALL=(ALL) /path/to/command1, /path/to/command2, /path/to/command3 ##To find the path of command which command1 ##To run a specific command with no password john ALL=(ALL) NOPASSWD: /bin/systemctl restart NetworkManager ##To block a specific command for a standard user vim /home/tom/.bashrc /bin/mkdir() { echo "mkdir command not allow for you" } mkdir() { echo "mkdir command not allow for you" } ./mkdir() { echo "mkdir command not allow for you" } readonly -f /bin/mkdir readonly -f mkdir readonly -f ./mkdir chattr -i /home/tom/.bashrc |