visudo to allow userA to run any command with : SUDO
(below commend line append the following after te comment #includedir /etc/sudoers.d)
userA ALL=(ALL) NOPASSWD:ALL
root@server:~# visudo
|
Command |
Root to user | User to root | Any to any user | Auth type | Log file | Remark |
|---|---|---|---|---|---|---|
| runuser | Y | N | N | None | N/A | As runuser doesn’t run auth and account PAM hooks, it runs with lower overhead than su. |
| su | Y | Y | Y | Target user’s password | /var/log/auth.log or /var/log/secure | You must share your password or root password with other users. |
| sudo | Y | Y | Y | Authenticates users against their own password rather than that of the target user. | /var/log/auth.log or /var/log/secure | Allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands. |
-
File Permissions
-
r
- read
-
w
- write
-
x
- execute for ordinary files
- pass through for directories
-
s – executing as a owner of the file, this permission is for games (EX: chmod ug+s test.t)
-
on executable file
- set user id
- set group id
-
on directory
- set group id
-
on executable file
-
t – means only you can delete file;), EX: chmod 1777 test.t , “1” – means stuky bit. ALSO possible, 2777, 3777, 4777, S (is no x permissions),s(no x permissions), T,t SST, sst – can be only such sequence
- sticky bit
-
r
-
Default permissions are set by
- umask
-
Command to change permissions
- chmod
-
Other commands
- id
- chown
- chgrp
-
File Attributes
- lsattr
-
chattr + a test.txt
- a -> append mode for writing
- c -> kernel will compress/uncompress automatically
- D -> directory changes are written synchronously onto disk
- d -> do not backup when dumped with dump(8)
- E -> flag stating compression error occurred
- e -> flag stating file is using extends for mapping blocks on disk
- I -> flag indicates directory is indexed using hash trees
- H -> flag indicates blocks used to store file, not sectors
- i -> immutable bit (impossible to do anything, until root do that)
- j -> on ext3 data is written to journal before disk
- s -> data is zeroed out when deleted
- S -> changes to file are written synchronously when file is modified
- T -> indicates directory is top of a hierarchy
- t -> disable tail-merging
- u -> if set, deleted file contents are saved and can be recovered
- X -> flag indicating compressed files raw contents can be accessed directly
- Z -> flag indicating compressed file is dirty
-
Access Control Lists
- Use getfacl to view file ACLs
-
Use setfacl to change file ACLs
- setfacl -m u:lisa:r file
- setfacl -m m::rx file
- getfacl file1 | setfacl --set-file=- file2
- getfacl --access dir | setfacl -d -M- dir
-
-
Linux Logging and Log Files
- history file
- kernel ring buffer (dmesg)
- syslogd - the system logger daemon
- login records (utmp, wtmp)
- /var/log/messages
- logger command
-
Linux Archives and Compression
- Tar
-
Linux Logging and Log Files
tar cvzf mytar.tar.gz myFolder
tar xvzf mytar.tar.gz
c - create
x - extract
z - use gqip compression
j - use bzip2 compression
f - name of file
gzip myFile ==> myFile.gz
gzip -d myFile.gz ==> myFile
ypcat password | awk | sort
-
Terminology
- Trunk - the unique line of development that is not a branch (sometimes also called Baseline or Mainline)
- Commit - the action of writing or merging the changes made in the working copy back to the repository
- Branch - a duplicate of a file that undergoes its own line of development
-
RCS Commands
- ci - check in a program
- co - check out a program
- rcsdiff - difference (delta) between two programs (versions)
- rcsmerge - merge separate reviosion branches together
- rlog - display log information
- rcsclean - removes files that are not being worked on
- ident - identify RCS keyword strings in files
- rcs - change RCS file attributes
- rcsfreeze - freeze a configuration of sources