Follow ZDNET: Add us as a favorite source On Google.
Key takeaways of zdnet
- Sudo is a powerful but incomplete Linux device.
- These tips can help in making the pudding easier and safe.
- Always use caution when monkeys with curb.
I started using Linux before the arrival of Sudo. After this, at any time I needed to run the administrator work, I had to do first Su For the root user, run the task, and then exit the root user. Because the root was capable, some users simply log in to the root and a standard user will fully abandon the account. This is a security risk that no one should take.
And then the Sudo Command came.
Also: 7 most Windows – Lyc Linux Distros – If you are ready to dig Microsoft
Sudo is a device that temporarily enhances standard users to organize privileges so that they can run the command Get upgrade Without inviting the root user. In fact, the sudo makes it possible to disable the root account, which is good for safety.
But the curb is not correct. Here are five ways to improve the curvy and make your Linux life a little easier.
1. Use Visudo to edit the Sudo Configuration File
Sudo has a configuration file, which is /etc /sudoers. This is where you can configure the sudo for things like limited access, user or group access, and more. The thing is that, you do not want to edit the Sudoers file using a standard text editor (eg nano). The reason for this is that if you fuber the Sudors file, you can be unable to run any high task (such as editing the supers file to fix the problem). To avoid this, use Visudo (Sudo VijudoThe Visudo Tool always confirms any changes you have. If there is any problem, Visudo will tell you and prevent you from saving the perverted file.
2. Prevent unlimited access to users
You probably don’t want all your users to have access to every administrator command. For example, you can prevent users from removing administrator-protected files (eg /etc.) to preserve the stability of their system (ie, prevent users from breaking it). To do this, you configure users or groups in the Sudoers File! Character. For example, if you want to block a specific user from running RM command, you will add such a line:
User Name All = (All)!/UsR/BIN/RM
Where the user name is the user’s name.
Too: Want to learn Linux? These 5 games make it fun – and they are free
It can also be used for groups.
3. Grant access to groups rather than Sudo users
Talking about groups, it is always easy to manage privilege and access to groups rather than long list of users. Consider this: You have five family members who reach a Linux machine, and you want to stop using them all RM Permission. You can create group criteria (no RM), all five users can add to that group, and then provide access to the group that you did above (using the group name only instead of the user name).
4. Do not provide all original privileges
Most users do not realize that it can be a safety issue to provide all the original privileges to all users. What happens if you have access to a user account on your system? If he knows the password of the intruder user, they can run any command that requires curb access. Providing all root privileges to a user looks like this in the Sudoers file:
User name all = (all: all) all
Where the user name is the user name in the question question.
Also: New for Linux? 5 Desktop environment I recommend you to try first – and why
Instead, provide access to specific directors that are not /sbinWhich includes several executable binergies for administrator functions. Instead, you may want to limit that user/UsR/Sbin/,/USR/BIN, and/Opt/:
User all = (all) passwd:/usr/sbin/,/usr/bin/,/opt/
Pay attention to the follower “/” for each directory, which is necessary.
5. Enable Asterisks while typing Sudo Password
It falls in a “Make Sudo easy” category. Sometimes, when I type my user password, I don’t know if I got it right or not. If I know how many characters I have typed, at least I can make an educated guess whether I have typed the correct number of characters or not. At the same time, I can kill a key on my keyboard in such a way that it is not registered. If I enable asterisks while typing, I know that the key is registered.
To enable asterisks when typing the Sudo password, open the Sudo Config File (Sudo Vijudo) And replace the following line:
Defaults env_reset
To:
Defaults env_reset, pwfeedback
Now, when you type your SUDO password, you will see a beach for each typed character.
6. Increase password timeout
When you type your Sudo password, you will not have to type it again for a fixed period of time. Each distribution may have a different idea what that timeout should be, but you cannot think that it is quite long. If you are the only one that uses your Linux machine, and you often run the administrator command, you may want to expand that timeout, say, 30 minutes. To do this, run Sudo Vijudo To command and go back Defaults env_reset Line. Change that line, so it seems:
Defaults Env_reset, Timestamp_Timeout = xx
Where there is time in XX minutes. For example, to replace that time for 30 minutes, the line will look like this:
Defaults env_reset, Timestamp_Timeout = 30
7. Enable insult to wrong password efforts
This is only for entertainment. If you type your SUDO password incorrectly, you can enable it in such a way that it will insult you when you do. Insults are all good fun, so you do not have to worry that Sudo will know which buttons you have to push to make a spiral. To add this feature, the sudoers go back like a file and lapse. Change that line to look like this:
Defaults env_reset, insulting
Also: How much RAM really does your Linux PC really need in 2025? I did mathematics
If you have decided to add other features, the line can look like this:
Defaults Env_reset, PWFEEDBACK, TIMESTAMP_TIMEOUT = 30, insult
Now, Sudo will be a little fun with you.
