Among the most valuable tools at a Linux administrator's disposal is sudo. It lets ordinary users temporarily submit commands as root or another user.
To use this command, simply put sudo before any command you want to run with root permissions.
sudo command
To submit commands as another user, use the ‘-u’ option and the username. This will submit a command as the user ryan.
sudo -u ryan command
The sudo configuration file is located at /etc/sudoers.
Although the /etc/sudoers file is a regular text file which root can edit manually, it is recommended that you only edit it using visudo. The visudo editor locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for errors.
The /etc/sudoers file has the general format:
user hostlist = (userlist) commandlist
This is a basic configuration and will allow the user ryan to run any command, on any host, as any user.
# User privilege specification
root ALL=(ALL) ALL
ryan ALL=(ALL) ALL
Here is a more complex example.
ryan tuxbox=(bob, bill) /bin/kill
This will give ryan access to run “kill” as the users bob and bill using “sudo -u” on the host “tuxbox”.
When using the above configurations you will be prompted for ryan’s password before sudo will execute your command. After the password is accepted, you will have a 5 minute window to submit other commands without further password requests.
Submitting a password has its security benefits, but if you are ok without it, there is a way around this inconvenience. If you don’t want to enter a password add the NOPASSWD tag to the configuration file like this.
# User privilege specification
root ALL=(ALL) ALL
ryan ALL=(ALL) NOPASSWD: ALL
If there are configuration lines that contradict one another sudo will give priority to the line closest to the bottom of the file. So if you make changes and they don’t seem to take effect, check that this is not the case.
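The last-match rule and the NOPASSWD tag can be checked offline before a change goes live. The Python below is an added example, not part of the original article: it parses only the simple "user hostlist = (userlist) commandlist" form shown above, and the function names and sample rules are assumptions made for illustration.

```python
import re

# Constructed sample in the article's "user hostlist = (userlist) commandlist" form.
SAMPLE = """\
# User privilege specification
root ALL=(ALL) ALL
ryan ALL=(ALL) NOPASSWD: ALL
ryan tuxbox=(bob, bill) /bin/kill
"""

# user, hostlist, (userlist), optional NOPASSWD: tag, commandlist
RULE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse(text):
    """Parse simple user lines; aliases, groups, negation and Defaults are ignored."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments (simplified)
        m = RULE.match(line)
        if m:
            rules.append({
                "line": lineno, "user": m.group(1),
                "hosts": split_list(m.group(2)), "runas": split_list(m.group(3)),
                "nopasswd": bool(m.group(4)), "commands": split_list(m.group(5)),
            })
    return rules

def matches(values, wanted):
    return "ALL" in values or wanted in values

def effective(rules, user, host, runas, command):
    """Return the rule that applies: the matching line closest to the bottom."""
    hit = None
    for r in rules:
        if (r["user"] == user and matches(r["hosts"], host)
                and matches(r["runas"], runas) and matches(r["commands"], command)):
            hit = r
    return hit

def passwordless_all(rules):
    """Entries that grant every command with no password prompt."""
    return [r for r in rules if r["nopasswd"] and "ALL" in r["commands"]]
```

On this sample, effective(parse(SAMPLE), "ryan", "tuxbox", "bob", "/bin/kill") returns the line 4 entry, so that command still prompts for a password even though line 3 carries NOPASSWD, while passwordless_all() reports line 3 as the entry to review.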
All calls to sudo are logged in /var/log/messages so you have the ability to keep track of who did what on the system.