Ever been granted sudo powers on a production server and accidentally run sudo
shutdown -h now because you thought you were shutting down your own computer? Well,
I have (technically, it wasn’t a production server, but it’s running somewhere
and I can’t turn it back on myself), and it’s pretty embarrassing because I’d
have to walk up to the Ops guy and ask him to reboot the server.
So, if you have been given sudo powers, make sure you use them wisely and
defensively. Thanks to this example, I’ve finally found out how to reliably
keep yourself from accidentally using those commands: by preventing yourself from
running them before thinking twice.
First, open up the /etc/sudoers file using visudo (do NOT use any
other text editor because visudo has a basic syntax check to make sure you
do not destroy your sudoers file).
$ sudo visudo
Go to the part where it has a lot of Cmnd_Alias snippets, and add the
Then go to the “main part”, which is the part where users are given
permission to run certain commands. It should have something like
root ALL=(ALL) ALL. Add the following line below it (replace username with the
username you use to log in to the server):
root ALL=(ALL) ALL
username ALL=(ALL) ALL, !SHUTDOWN
Now, when you do sudo shutdown -h now, it should stop you from doing so.
If you really need to shut down the server for any reason, you have to go to
visudo to allow yourself to shut down the server, so this will force you to
think twice before shutting it down. Neat, huh?
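The same rule installed as a syntax-checked drop-in instead of an edit to the main file, as an added example that is not from the original post. It assumes that the SHUTDOWN alias names /sbin/shutdown and that /etc/sudoers includes /etc/sudoers.d; the file name no-shutdown and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: build and install the "think twice" rule as a sudoers drop-in.
# Assumptions (not from the original post): the alias body /sbin/shutdown,
# the drop-in path /etc/sudoers.d/no-shutdown, and the function names.

# Print the sudoers fragment for one login name on stdout.
guard_fragment() {
    user=$1
    # Refuse names that could smuggle extra sudoers syntax into the file.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid username: $user" >&2; return 1 ;;
    esac
    printf 'Cmnd_Alias SHUTDOWN = /sbin/shutdown\n'
    printf '%s ALL=(ALL) ALL, !SHUTDOWN\n' "$user"
}

# Check the fragment with visudo before sudo can ever read it, then install it.
install_guard() {
    user=$1
    dest=${2:-/etc/sudoers.d/no-shutdown}
    tmp=$(mktemp) || return 1
    if guard_fragment "$user" > "$tmp" && visudo -c -f "$tmp" >/dev/null; then
        # sudo ignores or rejects loosely-permissioned files; 0440 is conventional.
        install -o root -g root -m 0440 "$tmp" "$dest"
        rc=$?
    else
        echo "fragment rejected; nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (as root): install_guard username && sudo -l -U username
```

sudo -l -U username lists the effective rules, so you can confirm the !SHUTDOWN entry is in effect. Because username still holds ALL, the rule catches slips rather than acting as a restriction: sudoers(5) itself notes that subtracting commands from ALL with ! is generally not effective as an access control.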