However, almost everyone add a line like the below:
username ALL=(ALL:ALL) ALL
Which is far from being the right thing to do. You basically just gave the user username all root rights... To do it properly, you should know the synopsis of that line:
user machine=(effective user [ : effective group ] command
With:
user : the user you want to grant access to some commands. it can be a group too, just replace user by %groupname
machine : the machine you want those rights to apply (can be a hostname, IP, ALL)
effective user : the user's rights you want your user to execute the command as (root, user1, ALL, etc)
effective group : same as above, but for the group. This is not mandatory
command : the command or command list (separated by comma. Ex. /bin/chown,reboot)
An example is allays better than a long talk, if you want to give the user user1 the rights to execute the chown command:
user1 ALL=(root) /bin/chown
No comments:
Post a Comment