Running sudo: Examples

using sudo

The sudo command in action under CentOS. sudo -l shows the commands user chris is allowed to run as root.

In the previous article, we configured sudo to allow user chris root privileges for the ifconfig, kill and ls commands. If chris wants to run these commands, he must first enter the sudo command, and then his password. To see if it works, do the following:

  1. Log in as user chris.
  2. To find out what commands chris has root access to, enter this:
    sudo -l
  3. If this is your first time running sudo as user chris, a warning will display:
    We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things.
    #1) Respect the privacy of others.
    #2) Think before you type.
     #3) With great power comes great responsibility.
  4. A password prompt appears. Do not enter the root password. Enter chris’s password.
  5. The commands that chris is allowed to run on this host are listed.
  6. To test your sudo configuration, you can run an ifconfig option that requires root permission without using sudo. Enter:
    /sbin/ifconfig eth0 down
    Permission is denied beceause chris is not allowed to deactivate the system’s eth0 interface.
  7. To deactivate the interface, chris must use sudo. Enter:
    sudo /sbin/ifconfig eth0 down
    You will be successful. Please note that sudo will ask for chris’s password if chris’s ticket has expired (the default is five minutes). If you run this command within five minutes from the last time, you will not be prompted for a password.
  8. Reactivate the interface by typing:
    sudo /sbin/ifconfig eth0 up
  9. Next, restart one of the httpd processes using the kill command by entering:
    ps aux | grep httpd
  10. Choose an Apache PID from the list that appears (if Apache is not installed, select a different service process to restart). Enter:
    kill -HIP (PID NUMBER)
  11. You are not allowed to restart the httpd process because you are not root.
  12. Instead, use sudo to run the command as root by entering:
    sudo kill -HUP (PID NUMBER)
    You should be successful.

  13. Next, list the root directory as chris using the ls command. Enter:
    ls /root
    Permission is denied because you are not root.
  14. Again, use sudo to run the command as root:
    sudo ls /root
    Permission is granted and the root user’s directory is displayed.
  15. To expire chris’s timestamp, enter the command sudo -k. Chris will have to enter a password the next time he uses sudo.

External Links:

ifconfig at Wikipedia
kill at Wikipedia
ls at Wikipedia

© 2013 David Zientara. All rights reserved. Privacy Policy