{"id":6810,"date":"2020-07-31T08:55:19","date_gmt":"2020-07-31T13:55:19","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=6810"},"modified":"2020-07-31T08:55:19","modified_gmt":"2020-07-31T13:55:19","slug":"what-can-i-sudo","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=6810","title":{"rendered":"What Can I sudo?"},"content":{"rendered":"<p>Some 90% of my Linux experience is on servers where I have root or root-equivalent access (i.e. I can sudo anything). In those cases, &#8216;what can I run under sudo&#8217; was never a question. And I&#8217;d use something like &#8220;sudo less \/etc\/sudoers&#8221; to inspect what someone else was able to run when they questioned their access. In my new position, we have a lot of servers that we own too &#8212; the Engineering IT support group lets us spin up our own VMs, do whatever we want (within reason). But we have a few IT-managed servers with very restricted rights. And the commands I would use to perform functions (think systemctl restart httpd) aren&#8217;t in my sudoers access list. Luckily you can list out what <em>you <\/em>can run under sudo:<\/p>\n<pre>$ sudo -l\r\n[sudo] password for useraccount:\r\nMatching Defaults entries for useraccount on this host:\r\nsyslog=auth, loglinelen=0, syslog_goodpri=info, syslog_badpri=err,\r\nlogfile=\/var\/log\/sudo.log\r\n\r\nUser useraccount may run the following commands on this host:\r\n(ALL) \/opt\/lampp\/lampp start, (ALL) \/opt\/lampp\/lampp stop, (ALL)\r\n\/opt\/lampp\/lampp restart, (ALL) \/usr\/sbin\/apachectl<\/pre>\n<p>And <b><i>that<\/i><\/b> is how I know to use apachectl instead of systemctl.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some 90% of my Linux experience is on servers where I have root or root-equivalent access (i.e. I can sudo anything). In those cases, &#8216;what can I run under sudo&#8217; was never a question. And I&#8217;d use something like &#8220;sudo less \/etc\/sudoers&#8221; to inspect what someone else was able to run when they questioned their &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[294,1065],"class_list":["post-6810","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-linux","tag-sudo"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/6810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6810"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/6810\/revisions"}],"predecessor-version":[{"id":6811,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/6810\/revisions\/6811"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}