system:linux:config:sudo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
system:linux:config:sudo [2026/01/26 20:37] – removed - external edit (Unknown date) 127.0.0.1system:linux:config:sudo [2026/02/01 21:08] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Linux : Sudo and Sudoers ======
  
 +**sudo** stands for "superuser do." It is a command that allows regular (non-root) users to run commands with superuser or root privileges. It is often used for tasks that require elevated permissions, such as software installation, system configuration changes, or user management.
 +
 +===== Usage =====
 +
 +<code bash>
 +ilyasa@sandbox:~$ sudo apt update
 +</code>
 +
 +This is equivalent to running:
 +
 +<code bash>
 +ilyasa@sandbox:~$ su -
 +root@sandbox:~# apt update
 +</code>
 +
 +===== Adding a User to Sudoers =====
 +The **sudoers** file determines which users are allowed to use the sudo command and what commands they can execute.
 +
 +By default, sudo creates a group that is granted full root access.
 +
 +  * The **sudo** group is common on Debian-based distributions.
 +  * The **wheel** group is common on Red Hat/Fedora-based distributions.
 +
 +To add a user to the sudoers list, you can add them to one of those groups:
 +
 +<code bash>
 +usermod -a -G sudo <user>
 +# Or
 +usermod -a -G wheel <user>
 +</code>
 +
 +===== Sudoers File Configuration =====
 +The file <code>/etc/sudoers</code> is used to define permissions for users and groups to run commands as the root user or other users.
 +
 +Here is the default configuration on an Ubuntu system:
 +
 +<code>
 +# User privilege specification
 +root    ALL=(ALL:ALL) ALL
 +
 +# Members of the admin group may gain root privileges
 +%admin ALL=(ALL) ALL
 +
 +# Allow members of group sudo to execute any command
 +%sudo   ALL=(ALL:ALL) ALL
 +</code>
 +
 +Explanation:
 +  * **ALL=** : The user can run commands on all hosts.
 +  * **(ALL:ALL)** : The user can run commands as all users and all groups.
 +  * **ALL** : The user can execute any command.
 +  * **%** : Indicates a group configuration.
 +
 +===== Custom Configuration Example =====
 +<code>
 +%admin ALL=(ALL) NOPASSWD: /usr/bin/apt
 +</code>
 +
 +Explanation:
 +  * **NOPASSWD** : The user will not be prompted for a password when running the command.
 +  * **/usr/bin/apt** : The user is allowed to run the apt command.
 +
 +<WRAP info>
 +It is recommended to use **visudo** when editing the **/etc/sudoers** file or any files in **/etc/sudoers.d/**, as it performs syntax checking before saving any changes.
 +</WRAP>
 +
 +==== Example ====
 +
 +<code bash>
 +sudo visudo -f /etc/sudoers.d/admin
 +</code>
 +
 +<code conf>
 +# Allow members of the admin group to run apt and systemctl commands without a password
 +%admin ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /usr/bin/apt-cache, /bin/systemctl
 +</code>