Petite introduction rapide et minimaliste \u00e0 \u00ab\u00a0sudo\u00a0\u00bb pour pouvoir faire les apt-get update\/upgrade du matin depuis un compte standard (non-root), sans faire un \u00ab\u00a0su\u00a0\u00bb \u00e0 chaque fois. Il s’agit \u00e0 travers cet exemple de montrer le B-A.BA de \u00ab\u00a0sudo\u00a0\u00bb.<\/p>\n
D’abord, l’installer :<\/p>\n
apt-get install sudo<\/pre>\nEnsuite, il faut param\u00e9trer le fichier \u00ab\u00a0
\/etc\/sudoers<\/code>\u00a0\u00bb (sudoers <=> ceux qui peuvent faire du sudo).
\nAfin de garantir le bon \u00e9tat de ce fichier, il est recommand\u00e9\/obligatoire d’utiliser la commande \u00ab\u00a0visudo\u00a0\u00bb (appel\u00e9e depuis n’importe o\u00f9 et sans argument), commande qui pose un verrou sur le fichier.<\/p>\nVoici un exemple comment\u00e9 permettant d’autoriser un groupe d’utilisateurs non-root \u00e0 faire notamment un \u00ab\u00a0
apt-get xxx<\/code>\u00a0\u00bb sans avoir \u00e0 \u00eatre root (disons, \u00e0 conna\u00eetre son mot de passe et\/ou devoir se logger root).<\/p>\nAttention, une \u00e9tourderie dans ce fichier et c’est la porte ouverte au n’importe quoi<\/strong>.<\/p>\n
# \/etc\/sudoers\r\n#\r\n# This file MUST be edited with the 'visudo' command as root.\r\n# ^^^^ puisque je vous le disais !<\/strong>\r\n# See the man page for details on how to write a sudoers file.\r\n#\r\n\r\nUser_Alias ADMINS = mon_compte, manu, larcenet\r\n# On cr\u00e9e un groupe ADMINS qui contient quelques utilisateurs qui auront des autorisation particuli\u00e8res<\/i><\/strong>\r\n\r\nHost_Alias LOC = localhost, 127.0.0.1, mon_hostname, un_alias\r\n# On cr\u00e9e un groupe de machines depuis lesquelles on autorisera le lancement de telle ou telle commande<\/i><\/strong>\r\n\r\nCmnd_Alias REBOOT_AND_CO = \/sbin\/halt, \\\r\n \/sbin\/shutdown, \\\r\n \/sbin\/reboot\r\n# On cr\u00e9e un premier groupe de commandes\r\n# Le \\ sert \u00e0 indiquer que le groupe continue sur la ligne suivante. La virgule marque la fin de la commande autoris\u00e9e.<\/i><\/strong>\r\n\r\nCmnd_Alias APTGET = \/usr\/bin\/apt-get\r\n# Un autre groupe de commande<\/i><\/strong>\r\n\r\nCmnd_Alias DIVERS = \/usr\/sbin\/iftop\r\n# Encore un<\/i><\/strong>\r\n\r\nADMINS LOC = NOPASSWD: APTGET\r\n# Les utilisateurs du groupe ADMINS peuvent lancer depuis les machines du groupe LOC les commandes du groupe APTGET sans avoir besoin de mot de passe. Voyez la doc pour tous les mots-clefs possibles.<\/i><\/strong>\r\n\r\nADMINS LOC = NOPASSWD: DIVERS\r\n\r\n# User privilege specification\r\nroot ALL=(ALL) ALL\r\n# Et le root peut tout faire depuis n'importe o\u00f9<\/i><\/strong><\/pre>\nIl faut noter que lorsqu’on d\u00e9clare une commande, exemple
APT-GET = \/usr\/bin\/apt-get<\/code>, \u00e7a sous-entend \u00ab\u00a0tout ce qui commence textuellement parapt-get<\/code>. Vous pourriez restreindre par exemple avec \u00e7a :<\/p>\nCmnd_Alias APTGET_RESTREINT = \/usr\/bin\/apt-get install<\/pre>\nPig\u00e9 ? Bon, ben yapuka.<\/p>\n","protected":false},"excerpt":{"rendered":"
Petite introduction rapide et minimaliste \u00e0 \u00ab\u00a0sudo\u00a0\u00bb pour pouvoir faire les apt-get update\/upgrade du matin depuis un compte standard (non-root), sans faire un \u00ab\u00a0su\u00a0\u00bb \u00e0 chaque fois. Il s’agit \u00e0 travers cet exemple de montrer …<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,387,82],"tags":[],"class_list":["post-45","post","type-post","status-publish","format-standard","hentry","category-debian","category-ligne-de-commande","category-pl"],"yoast_head":"\n
\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko\" \/>\n<meta property=\"og:description\" content=\"Petite introduction rapide et minimaliste \u00e0 \u00ab\u00a0sudo\u00a0\u00bb pour pouvoir faire les apt-get update\/upgrade du matin depuis un compte standard (non-root), sans faire un \u00ab\u00a0su\u00a0\u00bb \u00e0 chaque fois. Il s’agit \u00e0 travers cet exemple de montrer …\" \/>\n<meta property=\"og:url\" content=\"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/\" \/>\n<meta property=\"og:site_name\" content=\"Le blog de Michauko\" \/>\n<meta property=\"article:published_time\" content=\"2007-07-05T09:01:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2009-10-08T13:30:08+00:00\" \/>\n<meta name=\"author\" content=\"michauko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"michauko\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/\"},\"author\":{\"name\":\"michauko\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"headline\":\"\u201csudo\u201d, en quelques mots par un exemple\",\"datePublished\":\"2007-07-05T09:01:33+00:00\",\"dateModified\":\"2009-10-08T13:30:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/\"},\"wordCount\":177,\"commentCount\":0,\"articleSection\":[\"Debian\",\"ligne de commande\",\"planet-libre.org\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/\",\"name\":\"\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\"},\"datePublished\":\"2007-07-05T09:01:33+00:00\",\"dateModified\":\"2009-10-08T13:30:08+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/sudo-en-quelques-mots-par-un-exemple-45\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u201csudo\u201d, en quelques mots par un exemple\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\",\"name\":\"Le blog de Michauko\",\"description\":\"Si tu ne comprends pas le titre de l'article, passe ton chemin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/michauko.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\",\"name\":\"michauko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"caption\":\"michauko\"},\"sameAs\":[\"http:\\\/\\\/michauko.org\\\/\"],\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/author\\\/randomized2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/","og_locale":"fr_FR","og_type":"article","og_title":"\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko","og_description":"Petite introduction rapide et minimaliste \u00e0 \u00ab\u00a0sudo\u00a0\u00bb pour pouvoir faire les apt-get update\/upgrade du matin depuis un compte standard (non-root), sans faire un \u00ab\u00a0su\u00a0\u00bb \u00e0 chaque fois. Il s’agit \u00e0 travers cet exemple de montrer …","og_url":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/","og_site_name":"Le blog de Michauko","article_published_time":"2007-07-05T09:01:33+00:00","article_modified_time":"2009-10-08T13:30:08+00:00","author":"michauko","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"michauko","Dur\u00e9e de lecture estim\u00e9e":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/#article","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/"},"author":{"name":"michauko","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"headline":"\u201csudo\u201d, en quelques mots par un exemple","datePublished":"2007-07-05T09:01:33+00:00","dateModified":"2009-10-08T13:30:08+00:00","mainEntityOfPage":{"@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/"},"wordCount":177,"commentCount":0,"articleSection":["Debian","ligne de commande","planet-libre.org"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/","url":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/","name":"\u201csudo\u201d, en quelques mots par un exemple - Le blog de Michauko","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/#website"},"datePublished":"2007-07-05T09:01:33+00:00","dateModified":"2009-10-08T13:30:08+00:00","author":{"@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"breadcrumb":{"@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/michauko.org\/blog\/sudo-en-quelques-mots-par-un-exemple-45\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/michauko.org\/blog\/"},{"@type":"ListItem","position":2,"name":"\u201csudo\u201d, en quelques mots par un exemple"}]},{"@type":"WebSite","@id":"https:\/\/michauko.org\/blog\/#website","url":"https:\/\/michauko.org\/blog\/","name":"Le blog de Michauko","description":"Si tu ne comprends pas le titre de l'article, passe ton chemin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/michauko.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9","name":"michauko","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","caption":"michauko"},"sameAs":["http:\/\/michauko.org\/"],"url":"https:\/\/michauko.org\/blog\/author\/randomized2\/"}]}},"_links":{"self":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/45","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/comments?post=45"}],"version-history":[{"count":3,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/45\/revisions"}],"predecessor-version":[{"id":803,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/45\/revisions\/803"}],"wp:attachment":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media?parent=45"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/categories?post=45"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/tags?post=45"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}