Home
How to use sudo command and sudoers file

How to use sudo command and sudoers file

No Comments Digital Media

The sudo command allows non-root users to run others that would normally require root privileges, while the sudoers file tells the system how to handle the sudo command. In this tutorial, we will show you all the basics of the sudo command and how to edit the sudoers file.

Understanding the sudo command

To start understanding how sudo works, first access tu via SSH. If you have problems, consult our .

By default, the root user you don’t need to use the sudo prefix. This already has all the possible privileges. On the other hand, if a non-root user wants to add another user, they will need to prefix the useradd command with sudo, like so:

sudo useradd edward

If the user does not use the sudo prefix, they will receive a message about the permission denied.

The Sudoers Archive

The sudo command is configured through a file located in /etc/ called sweats.

Through the sudo command, you can provide administrative-level privileges to regular users. Normally, in a VPS environment, the first user you create when installing Ubuntu has sudo rights; this default user is known as the default root user. You can configure other users so that they can also run the sudo command. This can be done by editing the sudoers.

Important: Be careful! Editing the sudoers file, with errors or incorrect syntax, can cause all users on your version to be locked out.

Sudoers file syntax

You can open the file with your preferred text editor. For the example we have used saw:

See also  Best Booking Plugin for WordPress: 10 Free and Paid Alternatives

vi /etc/sudoers

The VPS file looks like this:

Let’s look at some of the formats and rules to follow when editing sudoers:

  • All lines beginning with # they are comments
  • root ALL=(ALL: ALL) ALL – this line means that the root user has unlimited privileges and can execute any command on the system
  • %admin ALL=(ALL) ALL – the % sign specifies a group. Anyone in the administrators group has the same privileges as the root user
  • %sudo ALL = (ALL: ALL) ALL – all users in the sudo group have the privileges to execute any command

Another line of interest is #includedir /etc/sudoers.d, this means we can add configurations to the sudoers.d file and link to it.

Editing the Sudoers file

To edit the file /etc/sudoersuse the following command:

sudo visudo -f /etc/sudoers

We recommend using visudo to edit the sudoers file. Visudo makes sure that sudoers is edited by one user at a time and provides the necessary syntax checks.

To see which users are in the sudo group, you can use a command:

grep ‘sudo’ /etc/group

This will generate a list of usernames.

To add a user named ‘bill’ to the sudo group, use the command add user on the command line, like so:

adduser bill sudo

If you use the grep command to check who is in the group, you will see the username ‘bill’.

If you want to give someone root privileges, just add them to sudo.

To remove ‘bill’ as a sudo user:

deluser bill sudo

The deluser command will remove the invoice from the sudo group.

See also  The new Plan Upgrade feature: boost your resources for 24 hours

Now ‘bill’ will no longer be able to perform actions that require sudo privileges.

Use the Sudoers file to grant specific privileges

What if you want Bill to be able to run only specific types of commands with sudo privileges, like in networking?

First, create a configuration file in /etc/sudoers.d/ called networking.

Use the following command to create the file:

sudo visudo -f /etc/sudoers.d/networking

Add the following text to the file:

Cmnd_Alias ​​CAPTURE = /usr/sbin/tcdump Cmnd_Alias ​​SERVERS = /usr/sbin apache2ctl, /usr/bin/htpasswd Cmnd_Alias ​​NETALL = CAPTURE, SERVERS %netadmin ALL=NETALL

What you have done in the above file is to create a netadmin group. Users in the netadmin group will be able to execute the commands specified in NETALL. NETALL in turn includes all commands under the CAPTURE and SERVERS aliases. The tcpdump command is under the CAPTURE alias, that is, /usr/sbin/tcpdump.

Next, you can add ‘bill’ to the netadmin group:

sudo adduser bill netadmin

Now ‘bill’ will be able to run the tcpdump command along with other networking related commands.

concluding

If you’re working with multiple users, understanding the sudo command and the sudoers file is an absolute must. In this tutorial, you learned all the basics to take control of your system privileges!

Deyi is a digital marketing enthusiast, with a background in web design, content creation, copywriting, and SEO. She is part of ‘s SEO & Localization team. In her free time, she likes to develop projects, read a book or watch a good movie.

Related posts:

  1. What is Dropshipping and how to get started?
  2. ERR_CONNECTION_REFUSED: What is it and 11 ways to fix it
  3. How to set up a WordPress intranet
  4. How to make an effective landing page
See also  Google Domains Review: Price, Comparison & More (2022)

Related Posts

Loading Facebook Comments ...
Loading Disqus Comments ...