Initial Settings : Sudo Settings
Configure Sudo to separate users' duty if some people share privileges. It does not need to install sudo manually because it is installed by default even if Minimal installed environment. [1]. Transfer root privilege all to a user. [root@dlp ~]# visudo # add to the end: user [cent] can use all root privilege cent ALL=(ALL) ALL # how to write ⇒ destination host=(owner) command # verify with user [cent] [cent@dlp ~]$ /usr/bin/cat /etc/shadow /usr/bin/cat: /etc/shadow: Permission denied # denied normally [cent@dlp ~]$ sudo /usr/bin/cat /etc/shadow Password: # user's own password ..... ..... chrony:!!:18163:::::: tcpdump:!!:18163:::::: # just executed [2]. In addition to the setting of [1], set some commands prohibit. [root@dlp ~]# visudo # line 49: add # for example, set aliase for the kind of shutdown commands Cmnd_Alias SHUTDOWN = /usr/sbin/halt, /usr/sbin/shutdown, \ /usr/sbin/poweroff, /usr/sbin/reboot...