Linux sudo
Revision as of 14:41, 4 November 2019 by Pio2pio (talk | contribs) (→Sudo - grant a user root privilages)
Sudo - grant a user root privilages
- Ubuntu
sudo usermod -aG sudo nameofuser # enough for Ubuntu, logout required sudo passwd root # sets root password, so it can be used to login
Edit safely /etc/sudoers file
sudo visudo
User rules fields explained
# The first ALL is the users allowed # | The second one is the hosts; on all hosts (if you distribute the same sudoers file to many computers) # | | # piotr ALL=(ALL:ALL) ALL # / | # / The last one is the commands allowed # The third one is the user as you are running the command
In examples below names beginning with a "%" indicate group names in /etc/group
root ALL=(ALL) ALL # standard root entry piotr ALL=(ALL) NOPASSWD: ALL # user can run as root without password piotr ALL= NOPASSWD: ALL # piotr will not be prompted for password, just another format to above piotr ALL= NOPASSWD: /usr/bin/service # piotr will not be prompt for password while running 'service' command %wheel ALL=(ALL) NOPASSWD: ALL # members of 'wheel' group can run without a password
If you find a number of entries applied to your user, the last entry takes precedence
sudo -l # list all of the rules in the /etc/sudoers that apply to your user sudo -k # clear the timer
Add user to the elevated privileges group
In Ubuntu adding a user to admin group will grant root user level access. Adding the user to sudo group will allow to execute any command as root user.
sudo usermod -aG nameofgroup nameofuser
In RedHat/CentOS add an user to a group wheel to enable sudo commands execution as root user.
sudo usermod -aG wheel nameofuser
In both examples above you need to login again for changes to be applied.
Disable sudo password timeout
Add Default
setting to the sudoers file. Doing it directly is not advised, use visudo
sudo visudo Defaults timestamp_timeout=-1