visudo
To enable only a certain command for a user
username hostname=/etc/init.d/tomcat6 restart ubuntu mycpu.domain.com=/sbin/halt
linux-enable-super-user-sudoers-file
/etc/sudoers
must be edited with visudo as root or use "su - visudo"
"disable root" is by creating another user with root/sudo privileges
User privilege specification
root ALL=(ALL) ALL username ALL=(ALL) ALL
http://www.linuxhelp.net/guides/sudo/ http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:Ch09:_Linux_Users_and_Sudo
general format usernames/group servername = (usernames command can be run as) command NOTE: The keyword ALL can mean all usernames, groups, commands and servers.
online man page for visudo / sudoers http://linux.die.net/man/5/sudoers
The super user with unrestricted access to all system resources and files in Linux is the user named root. This user has a user ID, of 0 which is universally identified by Linux applications as belonging to a user with supreme privileges. You will need to log in as user root to add new users to your Linux server.
Debian Note: When installing Ubuntu Linux systems, you are prompted to create a primary user that is not root. A root user is created but no password is set, so you initially cannot log in as this user. The primary user can become the root user using the sudo su - command that will be discussed later.
NOTE: to further secure your system disable the root user ability to login /etc/ssh/sshd_config
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
/etc/init.d/ssh reload /etc/init.d/ssh restart
BAD IDEA! /etc/passwd root:x:0:0:root:/root:/sbin/nologin
ALSO BAD! changing the uid of a user to 0 or changing root's uid to 10034
DELETING IS BAD! no one su to root, it's actually gone everything that used to run as uid 0 will act crazy
INSTEAD: passwd -l root //this disables the root account ala ubuntu
http://linuxshellaccount.blogspot.com/2008/07/unconfusing-issue-of-disabling-root-on.html
$ echo $PS1 [\u@\h \W]\$ u=username h=hostname W=working directory
.bash_profile .bashrc