The file /etc/sudoers, has the rules that users have to follow when using sudo command.
If you are (or was) running Ubuntu, you may know that by default the root account is not usable in Ubuntu, because it has no password, you may assign one and use it as in every other Linux, but that is another story. On normal Ubuntu Linux machines you need to use sudo command to perform operations as root.
I like that approach, and even though I am using Debian, I always give my account root rights, so I can run commands as root without changing to root.
Comics from XKCD
As you can see from this funny picture, using sudo makes your system reacts as if was another user who are given the order.
Two of the best advantages about using sudo are:
- Restringed privileges
- Logs of the actions done by users
Well but in order to use sudo we first need to configure the sudoers file.
Do not edit directly the file
To edit it, use the command
You will see a file more or less like this.
# /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # Defaults env_reset # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL
As you can see there is basically one line
root ALL=(ALL) ALL
This lines means that the user root can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) command.
So the first part is the user, the second is the terminal from where the user can use sudo, the third is as which user he may act, and the last one, is which commands he may run.
Let’s see some other examples.
operator ALL= /sbin/poweroff
This makes that users operator can from any terminal, run the command poweroff.
You can also create aliases for: users -> User_Alias, run comands as other users -> Runas_Alias, host -> Host_Alias and command-> Cmnd_Alias
These are some examples:
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
As you can see the alias OPERATORS includes the users joe, mike and jude, the alias OP includes the users root and operator, alias OFNET includes the network 10.1.2.0 (all the C class), and the command alias PRINTING includes the commands lpc and lprm.
So a typical sudoers file may look like this.
User_Alias OPERATORS = joe, mike, jude Runas_Alias OP = root, operator Host_Alias OFNET = 10.1.2.0/255.255.255.0 Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm OPERATORS ALL=ALL #The users in the OPERATORS group can run any command from any terminal. linus ALL=(OP) ALL # The user linus can run any command from any terminal as any user in the OP group (root or operator). user2 OFNET=(ALL) ALL # user user2 may run any command from any machine in the OFNET network, as any user. user3 ALL= PRINTING # user user3 may run lpc and lprm from any machine. go2linux ALL=(ALL) ALL # user go2linux may run any command from any machine acting as any user. (like Ubuntu)
If you want not to be asked for a password use this form
go2linux ALL=(ALL) ALL NO PASSWD: ALL
You may want to read sudoers man page
Edit: Sep. 09-2010
Here are some tips for vi:
1. Switch to root, (su root), then run visudo, (as above).
2. Find where it says “root ALL=(ALL) ALL”.
3. Type “o” to insert a new line below it.
4. Now type what you want to insert, eg “username ALL=(ALL) ALL”.
5. Hit esc to exit insert-mode.
6. Type “:x” to save and exit.
Credit to: http://twitter.com/h7dd3rs
personal notes: to edit the sudoers file use the ‘visudo’ command as root