Unix Command: Not in the Sudoers File

The file /etc/sudoers holds the rules that users have to follow when using the sudo command.

If you are (or were) running Ubuntu, you may know that by default the root account is not usable in Ubuntu because it has no password. You may assign one and use it as in every other Linux, but that is another story. On normal Ubuntu Linux machines you need to use the sudo command to perform operations as root.

I like that approach, and even though I am using Debian, I always give my account root rights, so I can run commands as root without changing to root.

sudo make me a sandwich

Comics from XKCD

As you can see from this funny picture, using sudo makes your system react as if another user were giving the order.

Two of the best advantages about using sudo are:

  • Restricted privileges
  • Logs of the actions done by users

But in order to use sudo, we first need to configure the sudoers file.

Do not edit the file directly.

To edit it, use the command

visudo

You will see a file more or less like this.

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

As you can see there is basically one line

root ALL=(ALL) ALL

This line means that the user root can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) commands.

So the first part is the user, the second is the terminal from which the user can use sudo, the third is the user they may act as, and the last one is the commands they may run.

Let’s see some other examples.

operator ALL= /sbin/poweroff

This lets the user operator run the command poweroff from any terminal.

You can also create aliases for users (User_Alias), for running commands as other users (Runas_Alias), for hosts (Host_Alias) and for commands (Cmnd_Alias).

These are some examples:

User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm

As you can see, the alias OPERATORS includes the users joe, mike and jude; the alias OP includes the users root and operator; the alias OFNET includes the network 10.1.2.0 (the whole class C); and the command alias PRINTING includes the commands lpc and lprm.

So a typical sudoers file may look like this.

User_Alias     OPERATORS = joe, mike, jude
Runas_Alias    OP = root, operator
Host_Alias     OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm

OPERATORS ALL=ALL

# The users in the OPERATORS alias can run any command from
# any terminal.

linus ALL=(OP) ALL

# The user linus can run any command from any terminal as any
# user in the OP alias (root or operator).

user2 OFNET=(ALL) ALL

# The user user2 may run any command from any machine in the
# OFNET network, as any user.

user3 ALL= PRINTING

# The user user3 may run lpc and lprm from any machine.

go2linux ALL=(ALL) ALL

# The user go2linux may run any command from any machine acting
# as any user (like Ubuntu).

If you do not want to be asked for a password, use this form:

go2linux ALL=(ALL) NOPASSWD: ALL

You may want to read the sudoers man page.
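The following is an added example, not code from the original post or from the sudo project: a small Python parser for the rule and alias forms shown above that expands aliases and lists which users hold unrestricted or passwordless grants. The function names, the constructed SAMPLE text and the restriction to this simplified subset of sudoers syntax are assumptions of the example.

```python
import re

# Constructed sample input built from the alias and rule forms shown on this page.
SAMPLE = """\
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
OPERATORS ALL=ALL
linus ALL=(OP) ALL
user3 ALL= PRINTING
go2linux ALL=(ALL) NOPASSWD: ALL
"""

ALIAS = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
# Fields: user  host = (runas) TAG: commands   (runas and tags are optional)
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*((?:[A-Z]+:\s*)*)(.+)$")


def parse(text):
    """Parse only the simplified sudoers subset used in this article."""
    aliases, rules = {}, []
    def expand(names):  # split a comma list and substitute alias members
        parts = [p.strip() for p in names.split(",") if p.strip()]
        return [x for p in parts for x in aliases.get(p, [p])]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "Defaults")):
            continue  # comments, blank lines and Defaults are out of scope here
        if m := ALIAS.match(line):
            aliases[m.group(1)] = expand(m.group(2))
        elif m := RULE.match(line):
            user, host, runas, tags, cmds = m.groups()
            rules.append({"users": expand(user), "hosts": expand(host),
                          "runas": expand(runas or "root"),  # no (runas) means root
                          "nopasswd": "NOPASSWD:" in tags, "cmds": expand(cmds)})
    return rules


def audit(rules):
    """Return (user, finding) pairs for grants worth reviewing first."""
    findings = []
    for r in rules:
        if "ALL" in r["cmds"] or r["nopasswd"]:
            what = "any command" if "ALL" in r["cmds"] else "listed commands"
            auth = "without password" if r["nopasswd"] else "with password"
            findings += [(u, f"{what} as {'/'.join(r['runas'])} {auth}") for u in r["users"]]
    return findings
```

Calling audit(parse(SAMPLE)) returns one finding each for joe, mike, jude and linus (any command, with password) and one for go2linux (any command, without password); the PRINTING-only grant for user3 is not flagged.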

Edit: Sep. 09-2010

Here are some tips for vi:

1. Switch to root, (su root), then run visudo, (as above).
2. Find where it says “root ALL=(ALL) ALL”.
3. Type “o” to insert a new line below it.
4. Now type what you want to insert, eg “username ALL=(ALL) ALL”.
5. Hit esc to exit insert-mode.
6. Type “:x” to save and exit.

Credit to: http://twitter.com/h7dd3rs

personal notes: to edit the sudoers file use the ‘visudo’ command as root

quoted from: go2linux.org, linuxquestions.org
