What is the sudo command in Linux?
On a typical Linux server there are three types of users:
- the super or root user has full access to the server
- a system user (non-interactive) has limited access to the server
- a normal user (interactive) has limited access to the server
The root or super user has administrative permissions and can perform any operation or run any command on a server, while a normal user cannot run all commands.
Sometimes you may want multiple users to log in to your server and perform different operations, and some of them may need to run specific commands that a normal user does not have access to.
The sudo utility is designed to overcome this problem. Normally a sudo user can run all commands, but in some cases we want a normal user to have access only to specific commands.
What is the /etc/sudoers file?
The /etc/sudoers file controls who can run which commands. A normal Linux user cannot run all commands; if you want such users to run privileged commands, you can define those commands in the /etc/sudoers file.
The sudo command allows a user to execute a command as another user. In practice it lets normal users execute commands usually reserved for the root user.
The visudo command is the safe way to edit the /etc/sudoers file on a Linux system: it locks the file against simultaneous edits and checks the syntax before saving.
The /etc/sudoers file supports four basic kinds of alias:
- User_Alias
- Runas_Alias
- Host_Alias
- Cmnd_Alias
User Aliases
User aliases are used to specify groups of users. You can specify usernames, system groups (prefixed by a %) and netgroups (prefixed by a +) as follows:

    # setting ADMINS alias for system group admin
    User_Alias ADMINS = %admin
    # DEVS alias is set for users sandip, john and brad
    User_Alias DEVS = sandip, john, brad
    # DEVOPS alias set for users sandip and mac
    User_Alias DEVOPS = sandip, mac
    # You can also use ! to exclude users from an alias
    # (USERS is not defined in this snippet; it must be defined as a User_Alias elsewhere in the file)
    User_Alias LIMITED_USERS = USERS, !DEVS, !DEVOPS
Runas Aliases
Runas aliases are almost the same as user aliases, but you are also allowed to specify users by UID.

    # UID 0 is normally used for root
    # Note the hash (#) on the following line indicates a uid, not a comment.
    Runas_Alias ROOT = #0
    # setting ADMINS alias for system group admin
    # with the addition of "root"
    Runas_Alias ADMINS = %admin, root
Host Aliases
A host alias is a list of hostnames, IP addresses, networks and netgroups (prefixed with a +).

    # This is all the servers
    Host_Alias SERVERS = 192.168.0.1, 192.168.0.2, server1
    # This is the whole network
    Host_Alias NETWORK = 192.168.0.0/255.255.255.0
    # And this is every machine in the network that is not a server
    Host_Alias WORKSTATIONS = NETWORK, !SERVERS
Command Aliases
Command aliases are lists of commands and directories. If you specify a directory it will include any file within that directory but not in any subdirectories.

    # Commands to start and stop the httpd service
    Cmnd_Alias HTTPD_CMDS = /sbin/service httpd start, /sbin/service httpd stop
    # Web commands
    Cmnd_Alias APACHE_CMDS = /etc/init.d/apache2
Sample /etc/sudoers file
Let's look at one example of this file's content. The following line gives the ubuntu user full access, that is, any command as any user, without asking for a password once the user is logged in:

    # User rules for ubuntu
    ubuntu ALL=(ALL) NOPASSWD:ALL
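
As an added example (not part of the original article), this Python script audits a simplified subset of sudoers syntax: it expands the aliases described above and flags rules, like the sample line, that grant every command without a password. The `DEVS ALL=(root) HTTPD_CMDS` rule and all function names are assumptions made for illustration; negation (`!`) and multi-host rules are not handled.

```python
import re

# Constructed sample input: aliases from this page plus two user rules.
SAMPLE = """\
User_Alias DEVS = sandip, john, brad
Cmnd_Alias HTTPD_CMDS = /sbin/service httpd start, /sbin/service httpd stop
# Assumed least-privilege rule: DEVS may run only the httpd commands, as root
DEVS ALL=(root) HTTPD_CMDS
# The page's sample rule: any command, as any user, no password
ubuntu ALL=(ALL) NOPASSWD:ALL
"""

ALIAS_RE = re.compile(r"^(?:User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG_RE = re.compile(r"\b[A-Z_]+:\s*")  # tags such as NOPASSWD: or NOEXEC:

def split_list(s):
    return [item.strip() for item in s.split(",") if item.strip()]

def expand(names, aliases):
    """Replace alias names with their members, following nested aliases."""
    out = []
    for n in names:
        out.extend(expand(aliases[n], aliases) if n in aliases else [n])
    return out

def audit(text):
    """Return one finding per user rule in simplified sudoers text."""
    aliases, findings = {}, []
    lines = [ln.strip() for ln in text.splitlines()]
    # Skip blanks, comments, include directives and Defaults settings.
    lines = [ln for ln in lines if ln and not ln.startswith(("#", "@", "Defaults"))]
    for line in lines:                      # first pass: collect aliases
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = split_list(m.group(2))
    for line in lines:                      # second pass: evaluate user rules
        m = None if ALIAS_RE.match(line) else RULE_RE.match(line)
        if not m:
            continue
        who, _host, runas, spec = m.groups()
        cmds = expand(split_list(TAG_RE.sub("", spec)), aliases)
        findings.append({"who": expand([who], aliases), "runas": runas or "root",
                         "commands": cmds, "nopasswd": "NOPASSWD:" in spec,
                         "unrestricted": "ALL" in cmds})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("REVIEW" if f["unrestricted"] and f["nopasswd"] else "ok", f)
```

Run against a copy of a real file, a `REVIEW` line marks a rule that is equivalent to passwordless root; the alias-based rule shows the narrower grant the alias sections make possible.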