Wednesday, August 11, 2010


Sudo (su "do") the name it self indicates that switching user and to do some command as admin.
What actually the difference between su and sudo is that,su is switch user so that we should know administrator password to get admin rights.
But this is security threat for the superuser password it self.
So if an admin wants to give a normal user some/all admin rights depending on his/her requirement's so that he can execute some system level commands and in turn it will not effect root's integrity/properties etc.

So how to give sudo permissions to user?
To use sudo the sudo package should be installed on the server.

step1:quarry for the sudo package

#rpm -q sudo

step2:If the sudo package is not installed install it by below command

#rpm -ivh sudo.versionno.arch.rpm

step3:configuring sudousers


there is no space between vi and sudo right? remember this.
when you execute the above command you will be able to open one temporary file which contains all sudo related configuration in it
so you will find some thing like below
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root    ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

you will find some thing like this in that file
this file is self explanatory
We will see some example
user alias specification you can find it
this is the place where we can put user names to whom I want to give sudo permissions
so this is  my sample file
User_Alias USER=surendra
here I declared surendra to use sudo
Cmnd_Aias CMD=/usr/sbin/useradd
I set CMD to /usr/sbin/useradd so if I combined USER variable and CMD variable
the user surendra can execute useradd command with out having admin rights
so this the way I can combine the USER and CMD
so USER(surendra) can execute all the commands(ie CMD)
so after doing that save and exit that file
so log-in as surendra
and to access sudo you have to use like below
$sudo /usr/sbin/useradd

Like this we can add as many commands as possible which are not available to normal users