How To Allow a Normal User To Run Commands As Root In Linux With the sudo Command?
We have an application that needs higher privileges than a normal user has. The application could be run as the root user, but we want to run it as a normal user with root privileges.
The sudo command is used to elevate a user's privileges. It is generally used to run commands as the root user. Commands issued with sudo are logged to /var/log/auth.log.
In this example we will print the /etc/shadow file, which can only be printed by the root user. In order to get root privileges we will use sudo.
$ sudo cat /etc/shadow
Sudoers is the sudo configuration file where sudo-enabled users are listed. Besides listing users, their permissions are also set in this file. The sudoers file is located at /etc/sudoers. An example sudoers file can be found below.
## The COMMANDS section may have other options added to it.
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Add User To Wheel Group To Enable Admin Access
There are different ways to get root privileges. The most used way is to add the user to the wheel group. Wheel is a special group whose members have root privileges.
$ usermod -a -G wheel test2
Now user test2 can run higher-privilege commands like the one below.
$ sudo passwd john
Add User Specifically In The Sudoers File
We can add user test2 to the sudoers file by adding the following line.
$ echo "test2 ALL=(ALL) ALL" >> /etc/sudoers
- We add our user to the /etc/sudoers file with echo
- test2 is the username
- The ALL=(ALL) ALL entry grants all privileges to the test2 user.
Sudo Usage Log
Tracking sudo command usage is important because sudo gives root access to normal users. The actions of the users should be saved to a log file.
sudo command logs are stored in the /var/log/auth.log file.
$ cat /var/log/auth.log
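Reading the raw log with cat mixes sudo entries with everything else in auth.log. The script below is an added example, not part of the original article: it extracts who ran which command as which user and counts rejected attempts per user. The function names and the sample log lines are constructed for illustration, and the script assumes that sudo writes a reason text before TTY= only when it rejects a request.

```sh
#!/bin/sh
# Added example (not from the original article): summarise sudo events.

# Constructed sample lines in the syslog format sudo writes to auth.log.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host1 sudo:    test2 : TTY=pts/0 ; PWD=/home/test2 ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 10:16:12 host1 sudo:     john : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/john ; USER=root ; COMMAND=/usr/bin/passwd test2
Mar  3 10:17:40 host1 sudo:    test2 : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/test2 ; USER=root ; COMMAND=/usr/bin/passwd john
Mar  3 10:17:45 host1 sudo: pam_unix(sudo:session): session opened for user root by test2(uid=0)
Mar  3 10:18:02 host1 sshd[811]: Accepted publickey for test2 from 192.0.2.10 port 50022 ssh2
EOF
}

# Emit "STATUS|user|run-as|command|reason" for each logged sudo command.
# Assumption: a reason text before TTY= means sudo rejected the request.
sudo_events() {
    awk '
    /COMMAND=/ && match($0, / sudo(\[[0-9]+\])?: +/) {
        rest = substr($0, RSTART + RLENGTH)      # text after "sudo:"
        p = index(rest, " : "); if (p == 0) next
        user = substr(rest, 1, p - 1)            # invoking user
        body = substr(rest, p + 3)
        c = index(body, "COMMAND="); if (c == 0) next
        cmd = substr(body, c + 8)                # command runs to end of line
        runas = ""; reason = ""
        n = split(substr(body, 1, c - 1), f, / ; /)
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^USER=/) runas = substr(f[i], 6)
            else if (f[i] != "" && f[i] !~ /^[A-Z_]+=/) reason = f[i]
        }
        status = (reason == "") ? "ALLOWED" : "DENIED"
        printf "%s|%s|%s|%s|%s\n", status, user, runas, cmd, reason
    }' "$@"
}

# Count rejected attempts per invoking user, one "user count" per line.
sudo_denied_counts() {
    sudo_events "$@" | awk -F"|" '$1 == "DENIED" { n[$2]++ }
        END { for (u in n) print u, n[u] }' | sort
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log instead.
sample_log | sudo_events
```

Reading /var/log/auth.log usually requires root or membership in a log-reading group, so on a real host the functions are typically run through sudo themselves.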