SUDO Introduction / Examples:
To sudo a program, an entry needs to be made in the /etc/sudoers file.
In its simplest form, the format of this entry is:
Username-who-is-going-to-sudo FQDN-of-machine = /full/path/to/script.sh
e.g. to allow the user mcdonaja to use the /sbin/shutdown program on hostname.iclebyte.com the /etc/sudoers entry would be:
mcdonaja hostname.iclebyte.com = /sbin/shutdown
When user mcdonaja calls the program /sbin/shutdown, sudo will ask them for the password of their account.
To stop sudo asking mcdonaja for his password (useful when scripting) the NOPASSWD attribute can be added.
e.g:
mcdonaja hostname.iclebyte.com = NOPASSWD: /sbin/shutdown
By default sudo presumes that you want to sudo to root; it is, however, possible to sudo to another user.
An example /etc/sudoers entry to sudo the program /path/to/myscript.sh as user 'wilsondo' is:
mcdonaja hostname.iclebyte.com = (wilsondo) /path/to/myscript.sh
This of course can be combined with the NOPASSWD attribute e.g.
mcdonaja hostname.iclebyte.com = (wilsondo) NOPASSWD: /path/to/myscript.sh
Multiple programs can be specified in the one line (with or without NOPASSWD/another user) like this:
mcdonaja hostname.iclebyte.com = (mcdonapa) /path/to/script2.sh, (wilsondo) NOPASSWD: /path/to/script2.sh
Warnings:
Currently /etc/sudoers contains direct paths to various scripts which need to be sudoed.
Because of this, when executing a script from another script as sudo user X you should NOT do it in the fashion of:
sudo -u USERTOSUDO sh /path/to/myscript.sh
Doing so tries to sudo the program 'SH'. This results in an error stating that the user was not allowed to sudo.
This method can be used if you add /bin/sh to the /etc/sudoers file, although this defeats the object, because the user could then run any script or command through sh as that user.
The correct (current) way to launch a script is simply with:
sudo -u USERTOSUDO /path/to/myscript.sh
Also note that scripts should be chmod'ed to 750.
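As an added example (not code from the original article), this Python code parses entries in the forms shown above and flags the risks the warnings describe. It goes slightly beyond the article by applying the sudoers rule that a (user) spec and a NOPASSWD tag carry over to later commands in the same list. The function names, the SAMPLE entry and script1.sh are assumptions made for illustration, and only the entry forms used in this article (plus the PASSWD tag) are handled.

```python
import os
import re
import stat

# Programs that give the caller an arbitrary command line as the target user.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/ksh", "/bin/zsh"}
ENTRY = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(?:\(([^)]+)\)\s*)?(?:(NOPASSWD|PASSWD):\s*)?(\S.*)$")
# Constructed sample: users and host are the article's, script1.sh is made up.
SAMPLE = ("mcdonaja hostname.iclebyte.com = "
          "(wilsondo) NOPASSWD: /path/to/script1.sh, /bin/sh")

def parse_entry(line):
    """Split 'user host = [(runas)] [NOPASSWD:] /cmd, ...' into one dict per command."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError("not a 'user host = commands' entry: %r" % line)
    user, host, cmds = m.groups()
    runas, nopasswd, specs = "root", False, []
    for raw in cmds.split(","):
        raw = raw.strip()
        if not raw:  # e.g. a trailing comma, which sudo rejects as a syntax error
            raise ValueError("empty command in list: %r" % line)
        new_runas, tag, command = SPEC.match(raw).groups()
        # A (runas) spec or NOPASSWD/PASSWD tag also applies to later commands in the list.
        runas = new_runas or runas
        if tag:
            nopasswd = tag == "NOPASSWD"
        specs.append({"user": user, "host": host, "runas": runas,
                      "nopasswd": nopasswd, "command": command})
    return specs

def audit(specs):
    """Return (program, finding) pairs for the risks the article warns about."""
    findings = []
    for s in specs:
        prog = s["command"].split()[0]
        if not prog.startswith("/"):
            findings.append((prog, "not a full path"))
        if prog in SHELLS:
            findings.append((prog, "shell: any command can run as " + s["runas"]))
        if s["nopasswd"]:
            findings.append((prog, "no password prompt"))
    return findings

def mode_within_750(path):
    """True if the file grants no group-write and no 'other' bits (750 or stricter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o027 == 0
```

Calling audit(parse_entry(SAMPLE)) shows that /bin/sh inherits both the wilsondo target and NOPASSWD from the command before it. For the real file, sudo's own syntax check is visudo -c.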
© www.iclebyte.com 2006-2007