How can users have root (administrative) privileges in Linux, user without knowing the root password? One of the best answers to this question is sudo. Users login using their username and password and issue administrative commands placing sudo in front of the commands .Eg: `sudo rm /home/arun` . Sudo (su “do”) allows a system administrator to give certain users or groups of users ability to run some or all commands as root while logging all commands and arguments.
Sudo stands for either “substitute user do” or “super user do.Sudo allows a user to run a program as another user (most often the root user).
The sudoers determines a user’s sudo privileges.
sudoers config file: /etc/sudoers
vim /etc/sudoers or visudo
# user can access with full privilege
root ALL = (ALL) ALL
# group users can access with full privilege
%wheel ALL = (ALL) ALL
In the above example:
* root : name of user to be allowed to use sudo
* ALL : Allow sudo access from any terminal ( any machine ).
* (ALL) : Allow sudo command to be executed as any user.
* ALL : Allow all commands to be executed.
We can assign multiple user in one category like admin and partadmin
User_Alias ADMIN = arvi, biswa, visuntha
User_Alias PARTADMIN = guru, kokki
# Admins can run anything on any machine without a password
ADMIN ALL = NOPASSWD: ALL
# Partadmins may run anything but need a password
PARTADMIN ALL = ALL
# Full privelage with particular deny access:-
ADMIN ALL=(ALL) ALL
ADMIN ALL=(ALL) !/bin/su, !/usr/bin/passwd
# Full block with particular allow access:-
PARTADMIN ALL=(ALL) /bin/su, /usr/bin/passwd
# visuntha may change passwords for anyone but restric for root
visuntha ALL = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
============================> Blass <=============================