![]() If you’re working with multiple users, understanding the sudo command and the sudoers file is an absolute must. Now the user bill will be able to run the tcpdump command along with other networking related commands. Next we add user bill to the netadmin group: sudo adduser bill netadmin The command tcpdump is under CAPTURE alias i.e. NETALL in turn include all commands under CAPTURE and SERVERS aliases. Users in the netadmin group can run commands specified in NETALL. Next, create a password for the new user by entering the following in your terminal window: passwd UserName. Use the actual username for your new user in place of UserName. ![]() What we have done in the above file is create a netadmin group. To add a new sudo user, open the terminal window and enter the command: adduser UserName. Use the following command to create the file: sudo visudo -f /etc/sudoers.d/networkingĪdd following text in the file: Cmnd_Alias CAPTURE = /usr/sbin/tcpdumpĬmnd_Alias SERVERS = /usr/sbin apache2ctl, /usr/bin/htpasswd To do so we create a configuration file in /etc/sudoers.d/ called networking. This configuration allows system accounting to trace the original login name of any user who performs a privileged administrative action. What if we want bill to be able to run only specific kinds of commands with sudo privileges, like networking? Use the Sudoers File to Grant Specific Privileges sudo useradd new-admin-username -s /bin/bash -g sudo -m -s sets the user's login shell-m makes the user's home directory if it doesn't exist: /home/new-admin-username-g adds the user to the sudo group so they will have admin privileges (>11.10) Once created, add a password for the user: sudo passwd new-admin-username Login to the user to. Now the user bill can no longer perform actions that require sudo privileges. The deluser command will remove bill from the sudo group. To remove a user from sudo: deluser bill sudo If you want to give anyone root privileges just add them to sudo. If we use the grep command to check who is in the group, we’ll see the username bill. To add a user called bill to the sudo group, we use the adduser command in the command line, like so: adduser bill sudo To see which users are in the sudo group we can use a grep command: grep ‘sudo’ /etc/group Visudo makes sure that sudoers is edited by one user at a time and provides necessary syntax checks. It is recommended to use visudo to edit the sudoers file. To edit /etc/sudoers file, use following command: sudo visudo -f /etc/sudoers %sudo ALL=(ALL:ALL ) ALL – all users in the sudo group have the privileges to run any commandĪnother line of interest is #includedir /etc/sudoers.d, this means we can add configurations to the file sudoers.d and link it here.Anyone in the admin group has the same privileges as of root user %admin ALL=(ALL) ALL – the % sign specifies a group.root ALL=(ALL:ALL) ALL – this line means that the root user has unlimited privileges and can run any command on the system.# These are groups of related commands.Let’s look at some of the formats and rules to follow when editing sudoers: You can group the set of commands to be run under Cmnd_Aliasįor example, if you open the /etc/sudoers file, you can find the following aliases. There are scenarios where you might want only specific commands to be run a sudo privileges for a specific user. Adding sudo privileges for specific command execution. They behave differently and will cover both. There are differences between these two commands. ![]() You can also create a new sudo user with the command useradd. The commands we’ll be using to run these actions are adduser and deluser. It should work based on your password preferences (with or without password) you set for wheel group. In this article we will cover how to create a new sudo user in Linux via terminal. Step 4: Now lets test the sudo user by logging in as the user. If you need password less sudo access, you need uncomment the following where it has NOPASSWD and save the file using ESC + w + q + ! %wheel ALL=(ALL) NOPASSWD: ALL %wheel ALL=(ALL) ALLīy default, even if a user is part of wheel group, you need to provide the password every time you run a command as sudo. Step 3: Make sure the following line is uncommented in the file. Step 2: Execute visudo command to open /etc/sudoers file. Note: If a user is part of wheel group, he can run any command as a super user. Now lets make our new user or an exiting user a sudo user. Passwd: all authentication tokens updated successfully. You will be prompted for updating the new password. Step 2: Create a user using useradd command. Adding sudo privileges for specific command execution.In this guide, we will look in to the following. It is very important to categorize a user as a sudo user based on the use case. ![]() With full sudo privileges, a user will be able to perform any operations on the Linux system. Sudo user in Linux will have permissions similar to a root user.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |