The sudoers file, located at /etc/sudoers, contains the rules that users must follow when using the sudo command.
If you have ever used Ubuntu, you know that the root account is disabled. This is because the root password is not set in Ubuntu; you can assign one and use it as with every other Linux distribution. That, anyway, is another story. On normal Ubuntu Linux computers you need to use sudo to act as root.
I like using sudo; I'm not using Ubuntu anymore. The first thing I do when I install a new Linux is to use visudo to edit the sudoers file. And I always give my account root rights; then I can run commands as root without switching users.
The best way to understand the sudo command and the rules in the sudoers file, in a fun way, is through this comic.
As you can see from this funny picture, using the sudo command makes the system obey any given order.
The two best advantages of using the sudo command are:
- Restricted privileges
- Logs of the actions taken by users
In order to use sudo you first need to configure the sudoers file. The sudoers file is located at /etc/sudoers. You should not edit it directly; use the visudo command instead.
Once you run the visudo command, you will see something like this:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
Almost all lines are commented out; the one that matters in this sudoers file example is:
root ALL=(ALL) ALL
This line means: the root user can execute from ALL terminals, acting as ALL (any) users, and run ALL (any) commands.
The first part is the user, the second is the terminal from which the user can use the sudo command, the third is which users he may act as, and the last is which commands he may run when using sudo.
sudoers examples
operator ALL= /sbin/poweroff
The above rule lets the user operator run the /sbin/poweroff command from any terminal.
You can also create aliases for users (User_Alias), for the users that commands run as (Runas_Alias), for hosts (Host_Alias) and for commands (Cmnd_Alias):
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
As you can see, the alias OPERATORS includes the users joe, mike and jude; the alias OP includes the users root and operator; the alias OFNET includes the network 10.1.2.0 (the whole class C network); and the command alias PRINTING includes the commands lpc and lprm.
So, a typical sudoers file may look like this:
If you do not want to be asked for a password, use this form:
go2linux ALL=(ALL) NOPASSWD: ALL
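As an added example (not code from the original article), this Python sketch parses the single-line rule and alias forms shown above, expands the aliases, and reports which non-root accounts end up able to run any command as root, with or without a password. The rule `OPERATORS OFNET=(OP) PRINTING` and the function names `parse` and `audit` are assumptions made for illustration; the second field is treated as the host list, which is what a Host_Alias such as OFNET fills.

```python
import re

# Constructed sample: the rules and aliases shown on this page, plus one
# hypothetical rule (OPERATORS OFNET=(OP) PRINTING) that uses all four aliases.
SAMPLE = """\
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
root ALL=(ALL) ALL
operator ALL= /sbin/poweroff
OPERATORS OFNET=(OP) PRINTING
go2linux ALL=(ALL) NOPASSWD: ALL
"""

ALIAS_RE = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
# Single-line rules only: user host = (runas) [NOPASSWD:] commands
RULE_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(NOPASSWD:\s*)?(.+)$")

def parse(text):
    """Return rules as dicts with every alias expanded to its members."""
    lines = [s for s in map(str.strip, text.splitlines()) if s and s[0] != "#"]
    aliases = {m.group(1): m.group(2) for m in map(ALIAS_RE.match, lines) if m}
    def expand(field):
        out = []
        for item in (i.strip() for i in field.split(",")):
            out += expand(aliases[item]) if item in aliases else [item]
        return out
    rules = []
    for line in lines:
        m = None if ALIAS_RE.match(line) else RULE_RE.match(line)
        if m:
            user, host, runas, nopasswd, cmds = m.groups()
            rules.append({"users": expand(user), "hosts": expand(host),
                          "runas": expand(runas or "root"),  # no (runas): root
                          "nopasswd": bool(nopasswd), "commands": expand(cmds)})
    return rules

def audit(rules):
    """Flag non-root users who may run ANY command as root."""
    findings = []
    for r in rules:
        if "ALL" in r["commands"] and {"ALL", "root"} & set(r["runas"]):
            how = "without a password" if r["nopasswd"] else "with a password"
            findings += [(u, how) for u in r["users"] if u != "root"]
    return findings

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

Rules scoped to named commands, such as the poweroff and PRINTING grants, produce no finding; only the go2linux rule is reported for the sample.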
You may want to read the sudoers man page.
Considering that you are still reading, here is a bonus:
The visudo command uses vi as the editor; here are some tips for using it:
- Switch to root, (su root), then run visudo, (as above).
- Find where it says "root ALL=(ALL) ALL".
- Type "o" to insert a new line below it.
- Now type what you want to insert, e.g. "username ALL=(ALL) ALL".
- Hit Esc to exit insert mode.
- Type ":x" to save and exit.
Yes, changing the default visudo editor is easy.
And just because of your dedication in reading this far, I'll show you how to set nano or vim as the default editor for the visudo command.
Using vim with visudo
export VISUAL=vim; visudo
Using nano with visudo
export VISUAL=nano; visudo
Source: http://bencane.com/