Sudo on Fedora 15

Sudo allows users to run commands as root while logging the command and its arguments.

In short, sudo first authenticates a user using their own password, then checks /etc/sudoers to see what sudo permissions (if any) the user has, then executes and logs the command if the user is allowed.

This is the preferred way to run commands as root for a few reasons:

  1. You do not need to give out the root password to users.
  2. You can limit which commands a user can run as root.
  3. All sudo commands are logged.

To use sudo on Fedora 15, first make sure the package is installed:

bash$ rpm -q sudo

If it is not installed, su to root and install the package.

bash$ su -
root# yum install sudo

Next, edit the sudo configuration file by using the visudo command. Visudo locks the /etc/sudoers file against simultaneous edits, provides sanity checks, and checks for configuration errors. Avoid directly editing the /etc/sudoers file.

root# visudo

You will see that there are a variety of options, but let’s look at this line which is enabled on Fedora 15 by default:

%wheel	ALL=(ALL)	ALL

This means that all users in the wheel group can run all commands as root on all systems that this sudoers file lives on. The sudoers file is designed so that you can have a single configuration live on various hosts and allow or disallow users by hostname.

Since this line is enabled in sudoers, quit visudo by exiting the editor and check what groups your username belongs to. In this example, my username is victor.

root# groups victor
victor : victor

In order to give the user full access to root using sudo, add the user to the wheel group.

root# usermod -a -G wheel victor
root# groups victor
victor : victor wheel

Next, logout of the root shell.

root# logout

Now, as your user, you can use sudo to run commands as root. The first time you run sudo, some warnings and advice will be printed to the screen.

bash$ sudo /usr/bin/test

Type in your password (not the root password), and you will successfully run /usr/bin/test as root. If the default configuration is kept, sudo will not prompt a user for their password until after 5 minutes from their last sudo command.

By default (on Fedora 15), sudo logs its usage into /var/log/secure by configuration of /etc/sudoers and /etc/rsyslog.conf. Normally, you need root permissions to read /var/log/secure, but now that you have sudo access, you can read the file. Read the sudo logs with something like this:

bash$ sudo grep sudo /var/log/secure

Finally, see /etc/sudoers and the SUDOERS(5) man page for syntax on how to configure access rights for users based on group, command and hostname.

bash$ less /etc/sudoers
bash$ man sudoers

Airprint on Fedora 15

It is possible to AirPrint from your iPhone or iPad to your network attached (or USB) printer using Fedora 15 and CUPS. No additional software on your iPhone is needed, you just need to make sure Avahi, CUPS and your Firewall is configured properly.

First, make sure you have Avahi and CUPS installed. These are part of the default installation, so you should have some version of them installed.

bash$ rpm -q cups avahi

Additionally, If you are running Gnome3 and find that the System Settings -> Printers lacks some configuration options, use the Fedora system-config-printer tool from the command line to configure your printers. The Gnome3 interface under System Settings -> Printers will see the configurations you make with system-config-printer.

If you don’t have the packages you need installed, use YUM to install them:

bash$ sudo yum install cups avahi system-config-printer

If you had to install the packages, make sure that CUPS and Avahi are started and enabled to start on boot. Otherwise, skip this step.

bash$ for SERVICE in cups avahi; do
> /sbin/chkconfig $SERVICE on
> /sbin/service $SERVICE start
> done

First, you will need your printer to be installed and configured on the Fedora 15 system. Do this with System Settings -> Printers or system-config-printer. If your printer is already installed and working, skip this step.

bash$ sudo system-config-printer

Once your printer is installed and working, note it’s name in CUPS. For instance, my printer is called Epson.

bash$ lpstat -p
printer Epson is idle.  enabled since Sun 02 Oct 2011 08:20:54 PM EDT
                	Ready to print.

Next, you will need to configure your printer with Avahi (a system which facilitates service discovery on your local network). Do this by editing a new service file under /etc/avahi/services. In this example, I name the file printer.service, but any name will work.

bash$ sudo vim /etc/avahi/services/

Now, insert this XML into the file making sure to change ‘Epson’ to your printer name as listed in lpstat -p. Feel free to also change the options for your printer in the various <txt-record> entries.

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
            <txt-record>product=virtual Printer</txt-record>