Sudoers file

Basics ref: https://www.linux.com/training-tutorials/configuring-linux-sudoers-file/

Credits: Istimsak Abdulbasir on linux.com

SUDOERS

The sudoers file is a file Linux and Unix administrators use to allocate system rights to system users. This allows the administrator to control who does what. Remember, Linux is built with security in mind. When you want to run a command that requires root rights, Linux checks your username against the sudoers file. This happens when you type the command “sudo”. If it determines, that your username is not on the list, you cannot run the command/program logged in as that user.

What you will have to do is login as “root” by using the command “su -l”. The “-l” means it should login normally. The default user for the su command is root. Then you will enter the password for the root account, giving you a shell prompt where you can run any command as root. Again, this not safe. Once you are logged in as root, the system is open to vulnerabilities. It is best to supply rights to the non-root user for the sole purpose to run a desired command/program. However, your username must be in the sudoers file.

You can find the sudoers file in “/etc/sudoers”. Use the “ls -l /etc/” command to get a list of everything in the directory. Using -l after ls will give you a long and detailed listing.

SUDOERS FILE

Here is a layout of the sudoers file in Ubuntu. Your sudoers file may differ depending on the type of system you are using but should be the same genetically. # /etc/sudoers # # This file MUST be edited with the ‘visudo’ command as root. # # See the man page for details on how to write a sudoers file. #

Defaults env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification root ALL=(ALL) ALL

# Allow members of group sudo to execute any command after they have # provided their password # (Note that later entries override this, so you might need to move # it further down) %sudo ALL=(ALL) ALL # #includedir /etc/sudoers.d

# Members of the admin group may gain root privileges

Lets skip all the way down to the section that says. “# User privilege specification”. Under that comment, the user “root” is given system privileges. The variable ALL means all in the root. The (ALL) ALL value represents all privileges, more or less, at least that is what I determined it to be.

If you want to add another user, like yourself, under the line root ALL=(ALL) ALL, type:

username ALL=(ALL) ALL

substituting username with your account name. Now your user account has sudo rights, or you are finally on that VIP list.

Look further down till you see, %sudo ALL=(ALL) ALL

In Ubuntu, there is a group called sudo that grant users added to it system rights after they have submitted their password. This specifies rights to it. So, if you were wise enough to add your username to the sudo group, you’re good money. The same goes for the admin group. Take notice of the “%” right before the group name. This indicates that admin and sudo are system groups.

Once you have all your settings in place you can write out and exit the file by typing the ESC key followed by “:wq”, if you used visudo to edit the sudoers file, like you are supposed to.

Now you do not need to use visudo as recommended. You can use the program “nano” that allows you to view text files in a terminal and modify them. This is my preferred method. To write out and exit the sudoers file with nano, type control-X.

As I said before, the sudoers file will differ depending on the system your using. I am using Fedora 14, a sort of fragile system. There is no sudo group. In Ubuntu as this file was taken from, does have a sudo group. Either way, the steps stated here will work on any other Linux distro.