The sudo command is a command line utility / program that allows users who are trusted but not necessarily an administrator, to run and execute commands as root or another user…
This is usually the case for users who want to execute commands as root… or if a user wants to assume another user’s account privileges.. Only trusted users can use the sudo command..
This brief tutorial shows students and new users how to manage the sudoers file to grant access to standard users when using Ubuntu Linux… This may also apply to other versions of Ubuntu and Linux distributions..
The sudoers file contains all the info that controls the users and groups that are granted sudo privileges as well as the level of the privileges they may have..
There are multiples ways to grant users sudo privileges, and the easiest method of all is by using the sudo command itself.. Using the sudo command, one can give standard users sudo privileges by adding them to the sudo group..
Members of the sudo group will be able to run high level commands as root, but will be prompted to authenticate themselves with their own password before the commands can be executed..
Adding Users to sudo Group
To quickly add a user to the sudo group, you run the commands below:
usermod -aG sudo username
Change the highlighted username to the name of the account you are providing sudo privileges..
Running the command above to grant standard users access to the sudo command is enough in most cases… The users will be able to run commands as root or assume other accounts privileges..
To validate the user has sudo privileges, run the commands below
The resulting out put should be similar to the line below:
That’s all most users will need..
Adding Users to sudoers file
If you want to customize the access users get when using sudo, then you can edit the sudoers file and only give the necessary access customized security policies to do their job…
The first method give a user all the sudo rights… Almost like an administrator access.. If you feeling that’s too much rights, you can customize users access rights by using the sudoers file..
The default location for the sudoers file is at /etc/sudoers
You can edit the default sudoers file or create a new configuration file in the /etc/sudoers.d directory… All files inside this directory are also included when the sudo command is being used…
The sudoers file MUST be edited with the ‘visudo‘ command as root. By all means, please consider adding local content in /etc/sudoers.d/ instead of directly modifying the sudoers file…
For example, if you want a user to run command with sudo without password prompts, you can edit the sudoers file… To do that, open the sudoers file by running the commands below:
Scroll down to the end of the file and add the following line:
username ALL=(ALL) NOPASSWD:ALL
Replace username with the account name you want to allow access to sudo command… then save the file and exit..
The next time the user runs the sudo command, there will be no password prompts…
Another example might be that you only want a user to run particular commands… To do that, you can add the line below into the sudoers file..
username ALL=(ALL) NOPASSWD:/bin/mkdir,/bin/rmdir
The user will only be allow to run the /bin/mkdir and /bin/rmdir commands..
Using customized sudo privileges will give you more control over which users can run what commands and how… This will also increase your system’s security..
You have successfully learned how to use the sudoers file on Ubuntu
You may also like the post below: