Of Stack

How to add sudo permissions to users in an Linux environment

  • 2021-08-31 09:49:49
  • OfStack

Configuration file for sudo

The default configuration file for sudo is **/etc/sudoers**, and Linux is used to specify the editing tool visudo, which has the advantage of error checking. When the added rule does not conform to the grammar rule, we will be prompted with an error message when saving and exiting; After configuration, you can switch to your authorized normal user, through sudo-l to see which commands can be executed or prohibited;

Each line in the/etc/sudoers file is a rule, preceded by a # that can be used as a comment and is not executed; If the rule is long, it can be written on multiple columns, and the\ sign can be used to continue the line.

/etc/sudoers rules can be divided into two categories; Class 1 is authorization rules, and the other class is alias definitions; Alias definitions are not required, but authorization rules are;

Enter root user and open sudoers file 


#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults  env_reset
Defaults  mail_badpass
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root  ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo  ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Example 1: Ordinary user lin adds sudo permission. Under the line "root ALL= (ALL) ALL", add one line (user name ALL= (ALL) ALL) as shown in the following figure and save it.

lin ALL=(ALL:ALL) ALL

Example 2: How do I want the normal user lin to have the/etc/init. d/nagios script restart

lin ALL=NOPASSWD:/etc/init.d/nagios restart

Example 3: Let the ordinary user lin have all the privileges of the super user without entering a password

lin ALL=(ALL)NOPASSWD:ALL

Related articles: