You are on page 1of 6

Linux, Mac OS X, and something else...

HOME BLOG LINUX MAC TECH BITS ABOUT CONTACT

Take Control of your Linux | sudoers file: How to with Examples
Date: 2012-05-22 10:56:30 -0400

Follow @ggarron

The sudoers file located at: /etc/sudoers , contains the rules that users must follow when using the sudo command. If you have ever used used Ubuntu, you know that the root account is disabled. This is because the root password is not set in Ubuntu, you can assign one and use it as with every other Linux distribution. That anyway is another story. On normal Ubuntu Linux computers you need to use sudo to act as root. I like using sudo, I’m not using Ubuntu anymore. The first thing I do when I install a new Linux is to use visudo to edit the sudoers file. And I always give my account root rights, then I can run commands as root without switching users. The best way to understand the sudo command, and the rules in sudoers file, the funny way is by this comics.

1 dari 6

27/08/2012 15:59

you will see something like this: # /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. using sudo command. 2 dari 6 27/08/2012 15:59 .credit to: XKCD (http://xkcd.com/149/) As you can see from this funny picture. The sudoers file is located at /etc/sudoers. you need to use the visudo command. how to use it? In order to use sudo you first need to configure the sudoers file. makes the system obey any given order. The two best advantages about using sudo command are: Restricted privileges Logs of the actions taken by users I’m sure you are now fully aware of the advantages of using sudo command in a daily basis. Once you enter visudo command. And you should not edit it directly. # # See the man page for details on how to write a sudoers file.

is which commands he may run when using sudo.0 (all the C class). sudoers examples operator ALL= /sbin/poweroff The above command.# Defaults env_reset # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL Almost all lines are commented out. jude Runas_Alias OP = root. The first part is the user. the alias OP includes the users root and operator. mike and jude.0 C As you can see the alias OPERATORS includes the users joe. and the command alias PRINTING includes the commands lpc and lprm. the third part is which users he may act as. jude 3 dari 6 27/08/2012 15:59 . mike.1. You can also create aliases for: users -> User_Alias. mike. alias OFNET includes the network 10. So. run the command power off.255. the one that matters in this sudoers file example is: root ALL=(ALL) ALL This line means: The root user can execute from ALL terminals. acting as ALL (any) users. the second is the terminal from where the user can use sudo command. run commands as other users -> Runas_Alias. operator Host_Alias OFNET = 10. host -> Host_Alias and command -> Cmnd_Alias User_Alias OPERATORS = joe. makes the user operator can from any terminal.0/255.255.2.1. a typical sudoers file may look like this: User_Alias OPERATORS = joe. and run ALL (any) command. and the last one.2.

Now type what you want to insert. eg “username ALL=(ALL) ALL”.0 Cmnd_Alias PRINTING = /usr/sbin/lpc. Find where it says “root ALL=(ALL) ALL”. user3 ALL= PRINTING # user user3 may run lpc and lprm from any machine.2.255. as any user. 4 dari 6 27/08/2012 15:59 .1.255. /usr/bin/lprm OPERATORS ALL=ALL #The users in the OPERATORS group can run any command from any terminal.Runas_Alias OP = root.0/255. user2 OFNET=(ALL) ALL # user user2 may run any command from any machine in the OFNET network. (like Ubuntu) If you want not to be asked for a password use this form: go2linux ALL=(ALL) NOPASSWD: ALL You may want to read sudoers man page Considering that you are still reading here a bonus: visudo command uses vi as the editor here some tips to use it: Switch to root. Hit esc to exit insert-mode. go2linux ALL=(ALL) ALL # user go2linux may run any command from any machine acting as any user. Type “o” to insert a new line below it. operator Host_Alias OFNET = 10. (as above). linus ALL=(OP) ALL # The user linus can run any command from any terminal as any user in the OP group (root or operator). (su root). then run visudo.

visudo Using nano with visudo export VISUAL=nano.Type “:x” to save and exit. And just because of your dedication. I’ll show you how to set nano or vim to use with visudo command as default editor. Using vim with visudo export VISUAL=vim. Tweet 13 +18 Recommend this on Google Recommend 9 Send StumbleUpon submit 5 dari 6 27/08/2012 15:59 . visudo If you liked this article please share it. changing the default visudo editor is easy. and still reading until here. Can I change the default visudo editor? Yes.

(/contact.xml) | Twitter feed (http://twitter.Follow us via email Email * Check All That Apply * Linux Monthly Mac Monthly Personal Blog Monthly If you want to contact me in any other way.com) RSS feed (/atom.html) Creative Commons Attribution-NonCommercial-ShareAlike 3.0/) | Powered by Jekyll (http://jekyllrb.0 (http://creativecommons. please use the contact page.org/licenses/by-ncsa/3.com/ggarron) 6 dari 6 27/08/2012 15:59 .