🌐 🇵🇱 Polski · 🇬🇧 EN
Sudo is a command (utility) in Linux environments that allows selected users to execute commands (programs) with the privileges of other users, e.g., with "root" privileges. For a selected user to be able to execute commands that fall outside their standard permissions, an appropriate entry must be added to the configuration file that controls the sudo command. The configuration file is typically:
/etc/sudoers
After issuing the command (unless the no-password option is set), the user will be prompted for a password, which is the user's own password.
Once the password is provided, it is cached for 5 minutes, and there is no need to re-enter it when executing subsequent sudo commands. The password timeout configuration is set in the /etc/sudoers file. The user can also extend the password cache for another interval (defaulting to another 5 minutes) by issuing the command:
sudo -v
We can also force the system to forget the password immediately using the command:
sudo -k
The simplest basic configuration can be performed by issuing the following command from the "root" account:
where "loginname" is the name of the regular user.
If there is no need to require a password from the user when executing sudo commands, we can disable the password prompt by adding the following entry:
Although the /etc/sudoers file can be edited directly using, for example, vi or nano, it is better to use a tool specifically designed for this purpose called: visudo. This command is superior because, upon exiting the editor and saving changes, it performs a syntax check, and if any errors are found, an appropriate message will be displayed.
Typically, sudo permission entries in the /etc/sudoers file take the form:
where "loginname" represents the username, "system" is the host from which the command can be executed (i.e., the system the user must be logged into when issuing the sudo command), and "command1..." are the commands the user will be able to execute beyond their own privilege level.
We can also grant permissions to an entire group of users in the following format:
where "groupname" is the name of the system group, and the other parameters are as defined above. Remember to prefix the group name with a "%" sign.
For example, an entry allowing user "user1", logged in locally, to execute the "fdisk" command without a password prompt looks like this:
If, however, we want all users in the "users" group to have the ability to shut down the machine without being asked for a password, we add the entry:
To check which sudo permissions you have, issue the command:
sudo -l

Comments