The sudo command is used to give root privileges to normal users. The /etc/sudoers file is used to configure sudo. The sudoers file specifies which users can run the sudo command, and it is also used to limit the commands a user can run.
Run Command With Sudo
The sudo command accepts the given command and consults the sudoers file. If the given user has the right to run the command with sudo, the password will be asked for. If passwordless sudo usage is allowed, the command will run with root privileges.
Now we will run the cat /etc/shadow command, which lists users' password hashes. A normal user does not have the right to print password hashes.
$ sudo cat /etc/shadow
If we run the sudo command without specifying a username explicitly, the current user account will be used. But we can also specify the username explicitly with the -u option.
In this example we will run the ls / command with the user account ismail.
$ sudo -u ismail ls /
The sudoers file is the database used by the sudo command. All specified rules are applied during sudo usage. Here is the default sudoers file.
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
The general syntax is very simple. We first specify the user name or group name the rule applies to, and then we provide the commands the user can run. In this configuration file, all commands can be run by the given users and groups.
Give User Sudo Rights
We can add new rules to the sudoers file. First we will open the sudoers file with the following command.
$ sudo visudo
We will add the following line for the user mike, who can run all commands.
mike ALL=(ALL:ALL) ALL
Give Group Sudo Rights
We can also give a group sudo rights with the following rule. The group name is operator. We add % before the group name.
%operator ALL=(ALL) ALL
Every time we issue the sudo command we need to provide our user's password. This may become a nightmare for regular sudo users. We will add NOPASSWD to the ALL part of the rule.
In this example we configure sudo for the user account ismail.
ismail ALL = (ALL) NOPASSWD: ALL
List Sudo Allowed Commands
The sudo command can restrict a given user's right to use commands. We can use the -l option to list the commands allowed with sudo. The directories or commands allowed to run will be listed.
$ sudo -l
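The rules added on this page differ a lot in what they grant, so it helps to review a sudoers file for unrestricted and passwordless entries. The following is an added example, not part of the original article: a small parser that classifies each rule. The function names and the restricted deploy rule are assumptions made for illustration, and the sample text is constructed from the rules shown above.

```python
import re

# Constructed sample: the rules shown on this page plus one restricted,
# hypothetical rule (user "deploy") for contrast.
SAMPLE_SUDOERS = """\
# User privilege specification
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
mike ALL=(ALL:ALL) ALL
%operator ALL=(ALL) ALL
ismail ALL = (ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
#includedir /etc/sudoers.d
"""

# who host = (runas) [TAG:] command[, command...]
RULE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def parse_rule(line):
    """Return (who, nopasswd, commands) for a user/group rule, else None."""
    line = line.strip()
    m = RULE.match(line)
    # Simplification: comments, include directives, Defaults and aliases are skipped.
    if not m or line.startswith(("#", "@", "Defaults")) or m[1].endswith("_Alias"):
        return None
    nopasswd, commands = False, []
    for part in m[4].split(","):
        part = part.strip()
        while (tag := TAG.match(part)):      # strip tags such as NOPASSWD:
            nopasswd = nopasswd or tag[1] == "NOPASSWD"
            part = part[tag.end():]
        commands.append(part)
    return m[1], nopasswd, commands

def audit(text):
    """Classify every rule by how much it grants and whether a password is asked."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        who, nopasswd, commands = rule
        scope = "unrestricted" if "ALL" in commands else "limited"
        findings.append((who, ("passwordless-" if nopasswd else "") + scope))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE_SUDOERS):
        print(f"{who:10} {finding}")
```

Entries reported as passwordless-unrestricted, such as the ismail rule, deserve the closest review. Files under /etc/sudoers.d are not followed by this sketch, so run it over each file separately.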