How do you enable sudo, disable root, and limit access in Linux / CentOS?

Posted by Jiltin     28 June, 2009    6,152 views   

After googling for some time, I followed the steps indicated here and made it work on CentOS 5. Hence, I am sharing this experience and the steps for you to learn. The steps are simple and easy to follow once you understand the concept.

CentOS differs from many other distros by enabling the root account during setup. When there is a need to perform an administrative task, just run the command with sudo and easily avoid the risk of abusing root privileges and doing stupid things. Following this guide, I was able to make this work on CentOS. Enabling sudo on other distributions follows similar steps.

This is only for novices, first-timers, or Linux learners. I am not going to describe advanced sudo functionality or setup.

Every distro comes with sudo enabled by default. There is a file, /etc/sudoers, in which the user accounts are disabled, especially on CentOS. All you need to do is edit the file and remove the comment markers from the lines that activate the sudo accounts. Usually, you enable a group in the sudoers file and attach the users to that group (the regular way, in /etc/group). Since the group name is listed (enabled) in /etc/sudoers, all of its users will have the same sudo privileges.

/etc/sudoers is a read-only file. It can be edited with the vim editor, which lets you edit the file even though it is read-only for root. BTW, you need to edit it as the root user!

1. First, log in as root. You can switch to the root account from any account by running su and typing the root password.
2. Enabling sudo. If you are not comfortable with vim, run

export EDITOR=gedit

first. Now run

/usr/sbin/visudo

The lines starting with # are comment lines and will be ignored. Just uncomment the following line:

# %wheel ALL=(ALL) ALL

by removing the # at the beginning. This line means that anybody in the group wheel can use sudo to run anything from anywhere.
3. Add an account to group wheel. For example, if the account you use to perform administrative tasks is isteering, run

gpasswd -a isteering wheel

Now you can use sudo as user isteering.
4. Disable root account. This is done by running passwd to lock the account:

passwd -l root

This suggestion may work well for a server setup, but it has the unfortunate side effect of locking the user out from a desktop setup of CentOS when attempting admin functions through GNOME. My suggestion instead of locking the root password is to disable root logins through ssh by adding the following line to /etc/ssh/sshd_config

PermitRootLogin no

This still permits the root user to log in at the workstation. If physical access is an issue, locking the account via passwd lockout is probably a better choice.

It is quite obvious that after performing the above steps we have just created a second root account: the user isteering is exactly the same as the root user, just with a different name. So we have not added much protection if the attacker can guess the name of this new account. You might therefore want to limit where the user can log in from. Use your favorite editor to edit the file /etc/security/access.conf and add the following line for the admin group:

-:wheel:ALL EXCEPT LOCAL 192.168.1. 72.14.207.99

This denies users in group wheel logins from anywhere except a local login, the 192.168.1. subnetwork (note the trailing dot), or the host 72.14.207.99. You still need to add this line

auth required pam_access.so

to /etc/pam.d/sshd to tell the SSH server to consult the access control; otherwise the SSH server will by default ignore this access control mechanism built into PAM.

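Otherwise, you can change the file permission with chmod 777 /etc/sudoers, make the changes, and change it back with chmod 440 /etc/sudoers. While the mode is 777 the file is writable by every local user, so restore 440 as soon as the edit is done. I tested this with CentOS, and it works.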
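To confirm the result of the steps above, the following script is an added example (not part of the original post) that checks the uncommented %wheel rule, the sudoers mode, the effective PermitRootLogin value, the pam_access.so line and the wheel rule in access.conf. The function names, the optional root-prefix argument and the constructed sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post: audit the settings this guide
# changes. ROOT (an assumption of this sketch) is an optional prefix so the
# checks can run on a copy of /etc; Match blocks in sshd_config are ignored.

FAILS=0

check() {  # check MESSAGE COMMAND [ARGS...]
    msg=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "OK:   $msg"
    else
        echo "FAIL: $msg"; FAILS=$((FAILS + 1))
    fi
}

# sudo rejects a world-writable sudoers, so 777 left from a manual edit fails.
mode_is_440() { [ -n "$(find "$1" -prune -perm 440 2>/dev/null)" ]; }

# sshd keeps the first value it reads for a keyword, so only the first
# uncommented PermitRootLogin line counts. Keywords are case-insensitive.
root_login_disabled() {
    prl=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$prl" = "no" ]
}

audit_sudo_setup() {
    root="${1:-}"; FAILS=0
    check "%wheel rule is uncommented in sudoers" grep -Eq \
        '^[[:space:]]*%wheel[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL\)[[:space:]]+ALL[[:space:]]*$' \
        "$root/etc/sudoers"
    check "sudoers is mode 440" mode_is_440 "$root/etc/sudoers"
    check "PermitRootLogin no is in effect" root_login_disabled "$root/etc/ssh/sshd_config"
    check "pam_access.so is required in pam.d/sshd" grep -Eq \
        '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_access\.so' \
        "$root/etc/pam.d/sshd"
    check "access.conf has a deny rule for wheel" grep -Eq \
        '^[[:space:]]*-[[:space:]]*:[[:space:]]*wheel[[:space:]]*:' \
        "$root/etc/security/access.conf"
    [ "$FAILS" -eq 0 ]   # exit status 0 only when every check passed
}

# Constructed sample tree holding the guide's lines, for an offline run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh" "$t/etc/pam.d" "$t/etc/security"
    printf '%s\n' '# %users ALL=/sbin/mount' '%wheel ALL=(ALL) ALL' > "$t/etc/sudoers"
    chmod 440 "$t/etc/sudoers"
    printf '%s\n' 'Protocol 2' 'PermitRootLogin no' > "$t/etc/ssh/sshd_config"
    printf '%s\n' 'auth required pam_access.so' > "$t/etc/pam.d/sshd"
    printf '%s\n' '-:wheel:ALL EXCEPT LOCAL 192.168.1. 72.14.207.99' \
        > "$t/etc/security/access.conf"
    echo "$t"
}

sample=$(make_sample_tree) && audit_sudo_setup "$sample"; rm -rf "$sample"
```

Calling audit_sudo_setup with no argument inspects the live /etc and needs root, because /etc/sudoers is not world-readable.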

Reference:
http://www.linuxquestions.org/questions/linux-newbie-8/how-to-edit-sudoers-file-using-visudo-597400/
http://edipage.wordpress.com/2008/09/30/quickly-secure-centos-5-by-enabling-sudo-disabling-root-and-limiting-access/


Comments
September 10, 2009

I have got a debian live cd..

It works very well, but the hitch is that it doesn't allow me to perform administrative tasks using sudo -s or anything..

Now I want to enable administrative rights for every new user who will be created in future..

Is there any way I do this ?

tried visudo, and it works for one user.

I want that all users get those admin rights..

Please help.

Posted by Zen
December 9, 2009

It was a great script sir. I learn a new function here, that is trigger_error() function. This script would help me much if I forgot which WordPress function I’ve ever modified using add_filter().

Thank you so much sir..

Posted by china phone