centos sudoers visudo youruser ALL=(ALL) ALL or group wheel

By OK -

Open the sudoers file with the visudo command:
$sudo visudo
Select the line for user or group you want to allow password-less sudo access.
Add NOPASSWD after closing the bracket:
%sudo   ALL=(ALL:ALL) NOPASSWD: ALL
Press Ctrl + O and then confirm with the Enter key to save the changes.
Press Ctrl + X to exit visudo.
Now, the users of the group sudo should be able to use the sudo command without providing a password

Sudo on CentOS

Q Why does CentOS say that my account 'is not on the sudoers list'? I've tried looking in the account settings, but to no avail.
A CentOS doesn't use sudo by default. Unlike Ubuntu, where the first user set up in the installer has rights to run anything with sudo, CentOS gives no such rights to anybody. By default, the only way to run programs with root privileges is to log in as root, by running su in a terminal. If you want to enable sudo for you or others, you'll need to edit the sudoers list, using the command visudo. This uses the editor defined in $EDITOR or, if that's not set, Vi. This method checks the syntax before committing it to the real file, which avoids you locking yourself out with a typing error. Run it with
su -
visudo
or
EDITOR="emacs" visudo
and add this line to the end of the file
youruser ALL=(ALL) ALL
to enable a user to run any commands. You can also specify a list of commands like this:
otheruser ALL= /sbin/mount, /sbin/umount
Permission can be granted to all members of a group, and you can restrict the arguments given to commands as well, as in this, disabled, example from the default CentOS sudoers file
%users ALL=/sbin/mount /cdrom,/sbin/ umount /cdrom
which lets any user mount or unmount the CD. You can remove password protection like so
%users ALL=NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom
but be careful what you allow with this. Sudo is generally considered a better way of controlling access to system commands, because you have fine control over what each user can do, and because no one else needs to know the root password.

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more