How To: configure sudo on ESX

Well, you have been playing with your console and finally got fed up with typing su - root to get to those esxcfg commands. You can avoid this; to do so you need to configure sudo.

The sudo command lets a standard user execute a command as root or another user, as specified in the /etc/sudoers file (the config file that defines or lists who can run what).

sudo command

One benefit of sudo is that it is more secure than the su command. For example, by default it logs sudo usage, command and arguments in /var/log/secure; you can also forward this to a syslog server (review my post on how to configure a syslog server for ESX).

Now if the invoking user is root or if the target user is the same as the invoking user then no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default. Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

Usage /etc/sudoers Syntax

Following is the general syntax used by /etc/sudoers file:
USER HOSTNAME=COMMAND
Where,

  • USER: Name of normal user
  • HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
  • COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify “” to indicate that the command may only be run without command line arguments.

How do I use sudo?

OK, so we have a standard user called thowarth, who attempts to issue the esxcfg-vswif -l command to list the details about the Service Console.

sudo-standard

So we issue the command and, no surprises there, the standard “command not found” is returned. For the next attempt we issue the command again, but this time prefixing it with sudo.

sudo-normal

The first time you use this command you receive a wonderful little message and a password prompt. We enter the correct password and the command runs :D. Well, no; what actually happens is we get an error response as shown below.

sudo-error

Oops, looks like Tom will be getting a visit from the log police :-S

So how exactly do we get to utilise the command without actually logging in as root or a privileged user? Well, firstly we need to edit the /etc/sudoers file, so log into the service console as root and issue the command visudo. This will load the config file into vi.

Press the “i” key to enter insert mode.

Enter the line as shown below.

visudo

Once this has been done, press the “esc” key, then issue “:w” to write out the file and then “:q” to quit back to the console.

Log out of the console as root, log back in as thowarth, and issue the command again.

sudo-correct

This time the password prompt is displayed and once entered correctly the command runs as expected.

So now you need to populate the /etc/sudoers file with all the rest of the necessary files? Well, no. The easiest way to allow users full access to elevated commands is to reopen the /etc/sudoers file with visudo and remove the hash comment from the line as shown below.

sudoer-wheel

Save the file out and then add your user to the wheel group.
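
To see what each of the two approaches above actually grants, the following shell function (an added example, not part of the original post) reads rules in the USER HOSTNAME=COMMAND form and reports whether each one is limited to named commands or gives full root. The sample sudoers content, the function names and the /usr/sbin path for esxcfg-vswif are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise who gets what from sudoers rules written as
# USER HOSTNAME=COMMAND. Output columns: WHO HOST SCOPE PASSWORD

classify_sudoers() {
    awk '
        /^[ \t]*#/ { next }                              # comments, e.g. a disabled wheel line
        /^[ \t]*$/ { next }                              # blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }     # settings and alias definitions
        {
            eq = index($0, "=")
            if (eq == 0) next
            who = $1
            host = substr($0, 1, eq - 1)
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)        # drop the user field
            gsub(/[ \t]/, "", host)
            cmds = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", cmds)            # drop a run-as spec such as (ALL)
            pw = (cmds ~ /NOPASSWD:/) ? "nopasswd" : "password"
            gsub(/[A-Z]+:/, "", cmds)                    # drop tags such as NOPASSWD:
            gsub(/^[ \t]+|[ \t]+$/, "", cmds)
            scope = (cmds == "ALL") ? "FULL" : "LIMITED"
            print who, host, scope, pw
        }
    ' "$@"
}

# Constructed sample, not taken from a real host.
# The esxcfg-vswif path is an assumption.
sample_sudoers() {
    cat <<'EOF'
# Constructed sudoers content for illustration
Defaults timestamp_timeout=15
root      ALL=(ALL) ALL
thowarth  ALL=/usr/sbin/esxcfg-vswif -l
%wheel    ALL=(ALL) ALL
# %wheel  ALL=(ALL) NOPASSWD: ALL
EOF
}

sample_sudoers | classify_sudoers
```

Run against the real file as root with `classify_sudoers /etc/sudoers`; every member of a group reported as FULL can run any command as root, so keep wheel membership short.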
