The translation is temporarily closed for contributions due to maintenance, please come back later.
English Sinhala
Additional Resources
Administrators wanting to edit the [command]#sudo# configuration file, `/etc/sudoers`, should use the [command]#visudo# command.
After you add the desired users to the `wheel` group, it is advisable to only allow these specific users to use the [command]#su# command. To do this, edit the PAM configuration file for [command]#su#, `/etc/pam.d/su`. Open this file in a text editor and uncomment the following line by removing the `#` character:
Another advantage of the [command]#sudo# command is that an administrator can allow different users access to specific commands based on their needs.
#auth required pam_wheel.so use_uid
Because this program is so powerful, administrators within an organization may want to limit who has access to the command.
By default, [command]#sudo# stores the sudoer's password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt the user for a password. This could be exploited by an attacker if the user leaves their workstation unattended and unlocked while still being logged in. This behavior can be changed by adding the following line to the `/etc/sudoers` file:
Change the Account Type from `Standard` to `Administrator`. This will add the user to the `wheel` group.
Click a user icon in the left column to display the user's properties in the right-hand pane.
[command]#sudo /bin/bash#
[command]#sudo# _command_
Defaults timestamp_timeout=pass:quotes[_value_]
Each successful authentication using the [command]#sudo# command is logged to the file `/var/log/messages` and the command issued along with the issuer's user name is logged to the file `/var/log/secure`. If additional logging is required, use the `pam_tty_audit` module to enable TTY auditing for specified users by adding the following line to your `/etc/pam.d/system-auth` file:
Gaining Privileges
If a sudoer's account is compromised, an attacker can use [command]#sudo# to open a new shell with administrative privileges:
Important
Installed Documentation
In the above example, _command_ would be replaced by a command normally reserved for the `root` user, such as [command]#mount#.
In the previous command, replace _username_ with the user name you want to add to the `wheel` group.
juan ALL=(ALL) ALL