Safer Linux administration with sudo
The root account is all powerful in Linux. As humans make mistakes it is very dangerous to use root on a regular basis. By using sudo you can limit the risk of human error and prevent mistakes from happening.
Using root in Linux ¶
The root account in Linux can do anything - view all files, run all tasks, kill processes, see all logs, erase hard drives. Root is god. Many Linux users are happy to login as root and administer servers as root. But humans are prone to making mistakes and using root can lead to major problems. This article is written for Centos 5.x but also applies to most common Linux distributions. The usual disclaimer applies - use at your own risk.
Here is an example scenario: I am working on two servers - one is my local development server and the other my production server, hosting live client sites. I have been creating a backup script and testing it on my local server before I put it live onto the production server. The script has been thoroughly tested so I move it onto the production server. At the end of the day I shut down my development server. In my terminal window as root I type “poweroff”. The server is shut down. Great - I can go and relax now.
The next morning I receive phone calls from several clients who inform me that their website is down. How can that be? I have a very stable and secure server that has been up for over 200 days! I attempt to log in to the server and nothing - it is dead. I call the hosting company and whilst on the phone I hear the fan of the development server. I realise I have used poweroff on the live production server rather than the development server.
Human Error ¶
Well that is stupid I hear you say! It is your fault. True it is my fault. Humans make errors and that was a big one. I cannot guarantee that I will not do it again but luckily for me there is a way to limit the impact of human error in Linux. This is sudo. Sudo lets users who are not root perform actions as root. Isn’t that a bit dangerous? Yes it is very dangerous so you should be careful how you use it. Used correctly though it can remove the possibility of incorrectly shutting down a server.
How sudo works ¶
Sudo allows user accounts to perform actions as root. You can limit what user accounts can do so it is possible to be very focussed about what users are and aren’t allowed to do. For example if I allow the user account mickey to restart apache mickey can do so with the following commands:
[mickey@mybox ~]$ sudo /etc/init.d/httpd restart Password: #mickey's password entered Stopping httpd: [ OK ] Starting httpd: [ OK ]
Apache is restarted. Without being root mickey has been able to restart apache. Furthermore a log of all sudo actions is kept in /var/log/messages so we can see who has used sudo and for what.
Jun 13 08:36:26 mybox sudo: mickey : TTY=pts/0 ; PWD=/home/mickey ; USER=root ; COMMAND=/etc/init.d/httpd restart
Limiting risk ¶
Perhaps sudo’s most powerful feature is the ability to only allow users to perform certain tasks as root. This means you can limit precisely what users can do, meaning the you can be sure that particular users cannot perform certain tasks. This is precisely what we need to prevent shutting down the wrong box as root. Instead of using root we administer the server with a regular account with sudo permissions for everything we need but not for poweroff.
For example we will try and poweroff the server as mickey.
[mickey@mybox ~]$ sudo poweroff Sorry, user mickey is not allowed to execute '/usr/bin/poweroff' as root on mybox.
Great we have prevented human error from occuring!
Setting up permissions ¶
To set up permissions for who can do what with sudo we need to login as root
su - root Password: #enter your root password
Then we use visudo to edit the sudo file.
This is the configuration for sudoers. Here we define the commands that we want to allow sudoers to be allowed to execute and who should be able to use them. Lets say we want to allow mickey to administer Apache, MySQL, Yum and to view all log files. Under the Command Aliases section we need first to define the commands that we want to make available.
To make administration easier we can define user aliases. First we add mickey into the alias WEBSERVERADMIN
User_Alias WEBSERVERADMIN = george
Then we define the services we want to allow sudoers to have access to:
Cmnd_Alias APACHE = /etc/init.d/httpd start, /etc/init.d/httpd stop, /etc/init.d/httpd restart, /etc/init.d/httpd graceful, /etc/init.d/httpd configtest Cmnd_Alias MYSQL = /etc/init.d/mysqld start, /etc/init.d/mysqld stop, /etc/init.d/mysqld restart Cmnd_Alias VIEW = /bin/cat, /bin/grep, /bin/more, /usr/bin/head, /usr/bin/tail, /usr/bin/less Cmnd_Alias YUM = /usr/bin/yum update, /usr/bin/yum info, /usr/bin/yum remove
Finally we give the user alias permissions to use the commands
WEBSERVERADMIN ALL= APACHE, MYSQL, VIEW, YUM
Hit :wq to save the file and you are all set. So now anyone in the WEBSERVERADMIN user alias will be allowed to use any of the commands defined in Cmnd_Alias when using sudo. This is exactly what we want. The user mickey can now safely administrate the web server using sudo but not shut the server down by mistake.
Can you help make this article better? You can edit it here and send me a pull request.
Prevent your SSH connection from freezing
Recently I was finding that my SSH connection to a Media Temple (dv) Centos 5 server was freezing. Creating a local config file fixed it. For anyone else suffering the same problem here's how to do it.
Automating backups with Amazon S3 on Linux
A tutorial on how to back up files on Linux using Amazon's S3 service. The end result is a cost-effective synchronised remote backup service.
Using Shared Keys with SSH on Centos 5
Shared Keys add an additional security level to using SSH and if you choose not to use a password you can automate logging in via SSH. It also allows you to completely negate brute force password cracking attempts if you disable password authentication.