Give users specific access with sudo
If you're new to Linux chances are you know about Ubuntu. Ubuntu has done a great job making a distribution of Linux new-user friendly. One of the ways they have done this is by making the root user (the super user) somewhat transparent. The user can not log in as the root user in a Ubuntu system (unless they have made it so) and the user has to use the sudo utility in order to run administrative tasks.
Now as an administrator of a Linux system, the sudo utility is a great way to manage user permissions with regards to access (especially with regard to applications). Say, for example, you have a specific executable file placed in /usr/sbin that you want your standard users to be able to use along with the ability to use the tools in the whole /usr/bin. Or say you have one specific user on your system that you want to give full administrative access to. This can all be done with the help of sudo. Let's see how.
A quick intro
If you're not familiar with sudo, let me give you a quick synopsis. The sudo tool allows you to effectively execute a command as a user with the security pirvileges of another user. Most often, as in Ubuntu, this allows a standard user to issue commands with administrative privileges. The basic command is issued like this:
Where COMMAND is the command you want to run. You will then be prompted for your user password. Of course you don't need to use sudo if you are running standard commands that do not require administrative privileges.
Sudo is configured with the help of a single file: /etc/sudoers. When you look at this file you will most likely be a bit tentative to make any changes. Fortunately the changes we are going to make are fairly basic. You do have to use sudo to make changes to the sudoers file. So to open this file with the nano editor you would issue the command:
sudo nano /etc/sudoers
and then give your user password.
Add a user for all administrative privileges
To add an already existing user to this file you would add a line in the main section. This "main" section can be found by searching for the root entry which looks like:
root ALL=(ALL)Â Â Â Â ALL
Not only is that the line you are looking for, it is also the structure of the line you will add. Let's say you want to add the user onichan to give her administrative rights with sudo. To do this the line would look like:
onichanÂ Â Â Â ALL=(ALL)Â Â Â Â ALL
Now, there is one problem with adding a user like this. What a user can do is, effectively, gain access to the real, permanent root user and avoid all logging handle by sudo. So instead of the above, let's give onichan permission to execute commands in specific directories. We'll give her pemission to run commands in the following:
This entry will look like:
onichan ALL=/usr/sbin, /sbin
Now user onichan can execute commands in both /usr/sbin and /sbin using sudo and giving her user password.
This only skims the surface of the power of sudo. We'll cover many more aspects of this outstanding administrative tool in later articles. But at least now you can see how sudo works and how to add users. There are other aspects of sudo that I do not recommend employing (such as the NOPASSWD feature), but every system has unique needs.