====== Linux : Sudo and Sudoers ======

**sudo** stands for "superuser do." It is a command that allows regular (non-root) users to run commands with superuser or root privileges. It is often used for tasks that require elevated permissions, such as software installation, system configuration changes, or user management.

===== Usage =====

<code bash>
ilyasa@sandbox:~$ sudo apt update
</code>

This is equivalent to running:

<code bash>
ilyasa@sandbox:~$ su -
root@sandbox:~# apt update
</code>

===== Adding a User to Sudoers =====

The **sudoers** file determines which users are allowed to use the sudo command and what commands they can execute. By default, sudo creates a group that is granted full root access.

  * The **sudo** group is common on Debian-based distributions.
  * The **wheel** group is common on Red Hat/Fedora-based distributions.

To add a user to the sudoers list, you can add them to one of those groups:

<code bash>
usermod -a -G sudo <user>
# Or
usermod -a -G wheel <user>
</code>

===== Sudoers File Configuration =====

The file <code>/etc/sudoers</code> is used to define permissions for users and groups to run commands as the root user or other users. Here is the default configuration on an Ubuntu system:

<code>
# User privilege specification
root ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
</code>

Explanation:

  * **ALL=** : The user can run commands on all hosts.
  * **(ALL:ALL)** : The user can run commands as all users and all groups.
  * **ALL** : The user can execute any command.
  * **%** : Indicates a group configuration.

===== Custom Configuration Example =====

<code>
%admin ALL=(ALL) NOPASSWD: /usr/bin/apt
</code>

Explanation:

  * **NOPASSWD** : The user will not be prompted for a password when running the command.
  * **/usr/bin/apt** : The user is allowed to run the apt command.

<WRAP info>
It is recommended to use **visudo** when editing the **/etc/sudoers** file or any files in **/etc/sudoers.d/**, as it performs syntax checking before saving any changes.
</WRAP>

==== Example ====

<code bash>
sudo visudo -f /etc/sudoers.d/admin
</code>

<code conf>
# Allow members of the admin group to run apt and systemctl commands without a password
%admin ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /usr/bin/apt-cache, /bin/systemctl
</code>

system/linux/config/sudo.txt · Last modified: 2026/02/01 21:08 by 127.0.0.1
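
When reviewing a sudoers file, the entries to look at first are the unrestricted ''ALL'' grants and the ''NOPASSWD:'' rules described above, because a passwordless rule for a package or service manager deserves the same scrutiny as a full grant. The following script is an added example, not part of the original page: ''audit_sudoers'' and ''sample_sudoers'' are hypothetical names, the ''%ops'' rule is constructed, and the parser assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: flag unrestricted and passwordless rules in sudoers-format text.
# Reads the file named in $1, or stdin when no file is given.
audit_sudoers() {
    awk '
    /^[ \t]*$/ { next }                       # blank line
    /^[ \t]*[#@]/ { next }                    # comment or include directive
    /^[ \t]*(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
    {
        who = $1
        eq = index($0, "=")
        if (eq == 0) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", spec)     # drop the (user:group) run-as part
        n = split(spec, cmds, ",")
        nopass = 0                            # tags carry over to later commands
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            while (match(c, /^[ \t]*[A-Z_]+:/)) {
                tag = substr(c, RSTART, RLENGTH)
                gsub(/[ \t:]/, "", tag)
                if (tag == "NOPASSWD") nopass = 1
                if (tag == "PASSWD") nopass = 0
                c = substr(c, RLENGTH + 1)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL") print "FULL " who
            if (nopass) print "NOPASSWD " who " " c
        }
    }' "$@"
}

# Constructed sample: rules from this page plus a hypothetical %ops entry.
sample_sudoers() {
    cat <<'EOF'
# User privilege specification
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%admin ALL=(ALL) NOPASSWD: /usr/bin/apt, /bin/systemctl
%ops ALL=(ALL) NOPASSWD: /usr/bin/apt-cache, PASSWD: /usr/bin/apt
EOF
}

sample_sudoers | audit_sudoers
```

Each output line names the user or group and, for ''NOPASSWD'' findings, the command that can be run without a password prompt.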