First, install the package.
# apt-get install sudo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  sudo
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 836 kB of archives.
After this operation, 1,624 kB of additional disk space will be used.
Get:1 http://security.debian.org/ wheezy/updates/main sudo i386 1.8.5p2-1+nmu2 [836 kB]
Fetched 836 kB in 2s (346 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 46093 files and directories currently installed.)
Unpacking sudo (from .../sudo_1.8.5p2-1+nmu2_i386.deb) ...
Processing triggers for man-db ...
Setting up sudo (1.8.5p2-1+nmu2) ...
Check the default configuration. The configuration file is /etc/sudoers. The settings can also be viewed with sudo -l.
# grep -v -e '^$' -e '#' /etc/sudoers
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
# sudo -l
Matching Defaults entries for root on this host:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User root may run the following commands on this host:
    (ALL : ALL) ALL
Add existinguser to the sudo group.
# id existinguser
uid=1000(existinguser) gid=1000(existinguser) groups=1000(existinguser),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),103(netdev)
# usermod --append --groups sudo existinguser
# adduser existinguser sudo
# id existinguser
uid=1000(existinguser) gid=1000(existinguser) groups=1000(existinguser),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),103(netdev)
# su - existinguser
$ sudo -l
Matching Defaults entries for existinguser on this host:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User existinguser may run the following commands on this host:
    (ALL : ALL) ALL
Looking at the log file, you can see messages like the following.
$ grep sudo /var/log/auth.log
(snip)
*** ** 07:09:22 ********* sudo: existinguser : TTY=pts/2 ; PWD=/home/existinguser ; USER=root ; COMMAND=/bin/cat /etc/sudoers.d/README
*** ** 07:09:22 ********* sudo: pam_unix(sudo:session): session opened for user root by existinguser(uid=0)
*** ** 07:09:22 ********* sudo: pam_unix(sudo:session): session closed for user root
(snip)
The following is an example of a failure.
$ sudo vi /etc/motd
[sudo] password for existinguser:
Sorry, try again.
[sudo] password for existinguser:
Sorry, try again.
[sudo] password for existinguser:
Sorry, try again.
sudo: 3 incorrect password attempts
$ grep sudo /var/log/auth.log
(snip)
*** ** 07:18:58 ********* sudo: pam_unix(sudo:auth): authentication failure; logname=existinguser uid=1000 euid=0 tty=/dev/pts/3 ruser=existinguser rhost= user=existinguser
*** ** 07:19:08 ********* sudo: existinguser : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/existinguser ; USER=root ; COMMAND=/usr/bin/vi /etc/motd
(snip)
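The two kinds of auth.log entries shown above (an accepted command and a refused one) can be told apart mechanically. The following is an added example, not part of the original post: a small Python parser for sudo's own log lines that separates accepted commands from denied attempts. The function names are hypothetical, the timestamps and the host name `debian` in the sample are constructed, and the optional `[pid]` after `sudo` is an assumption for syslog setups that include it.

```python
import re

# sudo's own entries look like:
#   sudo: <user> : [reason ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=..
# The optional [pid] is an assumption for syslog setups that add one.
SUDO_LINE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo command-log line, or None for any other line."""
    m = SUDO_LINE.search(line.rstrip("\n"))
    if not m:
        return None  # e.g. the pam_unix(sudo:session) lines
    event = {"user": m.group("user"), "reason": None}
    parts = m.group("body").split(" ; ")
    for i, part in enumerate(parts):
        key, sep, value = part.partition("=")
        if key == "COMMAND":
            # COMMAND is the last field and may itself contain " ; ".
            event["COMMAND"] = " ; ".join(parts[i:])[len("COMMAND="):]
            break
        if sep and key in ("TTY", "PWD", "USER"):
            event[key] = value
        else:
            # Text before the KEY=value fields is why sudo refused the request.
            event["reason"] = part
    return event if "COMMAND" in event else None

def summarize(lines):
    """Return (accepted, denied) lists of parsed sudo events."""
    accepted, denied = [], []
    for line in lines:
        event = parse_sudo_line(line)
        if event is not None:
            (denied if event["reason"] else accepted).append(event)
    return accepted, denied

# Constructed sample: timestamps and the host name "debian" are made up.
SAMPLE = [
    "Jan  1 07:09:22 debian sudo: existinguser : TTY=pts/2 ; PWD=/home/existinguser ; USER=root ; COMMAND=/bin/cat /etc/sudoers.d/README",
    "Jan  1 07:09:22 debian sudo: pam_unix(sudo:session): session opened for user root by existinguser(uid=0)",
    "Jan  1 07:18:58 debian sudo: pam_unix(sudo:auth): authentication failure; logname=existinguser uid=1000 euid=0 tty=/dev/pts/3 ruser=existinguser rhost= user=existinguser",
    "Jan  1 07:19:08 debian sudo: existinguser : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/home/existinguser ; USER=root ; COMMAND=/usr/bin/vi /etc/motd",
]

if __name__ == "__main__":
    accepted, denied = summarize(SAMPLE)
    for e in denied:
        print("DENIED", e["user"], e["reason"], e["COMMAND"])
    for e in accepted:
        print("OK", e["user"], e["USER"], e["COMMAND"])
```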