Sudo - vagrant and tcpdump

2020, Dec 09    

I have a strained relationship with sudo. It is a work-induced problem. Too many students have not read the error messages and just added sudo to solve whatever issue.

This often results in more and more sudo usage since user files become more and more owned by root.

So, I prefer logging in as root instead of using sudo.

sudo does have its uses.

Allow administrators to run tcpdump

Normally, tcpdump requires root permissions when used for sniffing traffic on interfaces.

For me, administrators are in the adm group, so I do this:

# cat /etc/sudoers.d/tcpdump
%adm ALL=NOPASSWD:/usr/sbin/tcpdump

which allows people in the adm group to run sudo tcpdump without typing passwords.

vagrant and NFS

Using vagrant, I mount folders using NFS. There is an official guide for this.

# cat /etc/sudoers.d/vagrant
Cmnd_Alias VAGRANT_EXPORTS_CHOWN = /bin/chown 0\:0 /tmp/*
Cmnd_Alias VAGRANT_EXPORTS_MV = /bin/mv -f /tmp/* /etc/exports
Cmnd_Alias VAGRANT_NFSD_CHECK = /etc/init.d/nfs-kernel-server status
Cmnd_Alias VAGRANT_NFSD_START = /etc/init.d/nfs-kernel-server start
Cmnd_Alias VAGRANT_NFSD_APPLY = /usr/sbin/exportfs -ar
%adm ALL=(root) NOPASSWD: VAGRANT_EXPORTS_CHOWN, VAGRANT_EXPORTS_MV, VAGRANT_NFSD_CHECK, VAGRANT_NFSD_START, VAGRANT_NFSD_APPLY

Again, this is something for administrators. I like the part about having very specific commands that are allowed to be run.

I would not have this on an NFS server, though.
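
To check how specific these rules really are, here is a small audit script (an added example, not part of the original post or of the Vagrant guide). It only understands the Cmnd_Alias and NOPASSWD forms shown above, not the full sudoers grammar, and relies on two rules from sudoers(5): a command listed without arguments may be run with any arguments, and a wildcard in the arguments also matches spaces and slashes.

```python
import re

# Constructed sample: the two sudoers.d files shown on this page, concatenated.
SUDOERS = r"""
%adm ALL=NOPASSWD:/usr/sbin/tcpdump
Cmnd_Alias VAGRANT_EXPORTS_CHOWN = /bin/chown 0\:0 /tmp/*
Cmnd_Alias VAGRANT_EXPORTS_MV = /bin/mv -f /tmp/* /etc/exports
Cmnd_Alias VAGRANT_NFSD_CHECK = /etc/init.d/nfs-kernel-server status
Cmnd_Alias VAGRANT_NFSD_START = /etc/init.d/nfs-kernel-server start
Cmnd_Alias VAGRANT_NFSD_APPLY = /usr/sbin/exportfs -ar
%adm ALL=(root) NOPASSWD: VAGRANT_EXPORTS_CHOWN, VAGRANT_EXPORTS_MV, VAGRANT_NFSD_CHECK, VAGRANT_NFSD_START, VAGRANT_NFSD_APPLY
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
# who, host list, optional (runas), NOPASSWD tag, command list
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)$")

def split_commands(text):
    # Commands are comma-separated; a backslash-escaped comma is literal.
    return [c.strip() for c in re.split(r"(?<!\\),", text) if c.strip()]

def audit(sudoers):
    """Return (who, command path, issue) for every over-broad NOPASSWD rule."""
    aliases, findings = {}, []
    lines = [line.strip() for line in sudoers.splitlines()]
    for line in lines:                       # pass 1: collect aliases
        m = ALIAS.match(line)
        if m:
            aliases[m.group(1)] = split_commands(m.group(2))
    for line in lines:                       # pass 2: expand and check rules
        m = SPEC.match(line)
        if not m:
            continue
        who = m.group(1)
        for item in split_commands(m.group(2)):
            for cmd in aliases.get(item, [item]):
                path, _, args = cmd.partition(" ")
                if not args:
                    findings.append((who, path, "any arguments allowed"))
                elif re.search(r"(?<!\\)[*?\[]", args):
                    findings.append((who, path, "wildcard in arguments"))
    return findings

if __name__ == "__main__":
    for who, path, issue in audit(SUDOERS):
        print(f"{who}: {path}: {issue}")
```

On the files above it reports the tcpdump rule and the two /tmp/* rules; the nfs-kernel-server and exportfs rules pass because their arguments are fixed.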