Linux : Sudo and Sudoers

sudo stands for “superuser do.” It is a command that allows regular (non-root) users to run commands with superuser or root privileges. It is often used for tasks that require elevated permissions, such as software installation, system configuration changes, or user management.

ilyasa@sandbox:~$ sudo apt update

This is equivalent to running:

ilyasa@sandbox:~$ su -
root@sandbox:~# apt update

The sudoers file determines which users are allowed to use the sudo command and what commands they can execute.

By default, sudo creates a group that is granted full root access.

• The sudo group is common on Debian-based distributions.
• The wheel group is common on Red Hat/Fedora-based distributions.

To add a user to the sudoers list, you can add them to one of those groups:

usermod -a -G sudo <user>
# Or
usermod -a -G wheel <user>

The file

/etc/sudoers

is used to define permissions for users and groups to run commands as the root user or other users.

Here is the default configuration on an Ubuntu system:

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Explanation:

• ALL= : The user can run commands on all hosts.
• (ALL:ALL) : The user can run commands as all users and all groups.
• ALL : The user can execute any command.
• % : Indicates a group configuration.

%admin ALL=(ALL) NOPASSWD: /usr/bin/apt

Explanation:

• NOPASSWD : The user will not be prompted for a password when running the command.
• /usr/bin/apt : The user is allowed to run the apt command.

sudo visudo -f /etc/sudoers.d/admin

# Allow members of the admin group to run apt and systemctl commands without a password
%admin ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/apt-get, /usr/bin/apt-cache, /bin/systemctl