Thursday, August 19, 2010

How to give Sudo access to administrators and special users

/etc/sudoers  (main configuration file)

usernames/%group  servername = (usernames the command can be run as)  command


Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group “users” would be represented by %users.
You can have multiple usernames per line separated by commas.
Multiple commands also can be separated by commas. Spaces are considered part of the command.
The keyword ALL can mean all usernames, groups, commands and servers.
If you run out of space on a line, you can end it with a backslash (\) and continue on the next line.
sudo assumes that the sudoers file will be used network wide, and therefore offers the option to specify the names of servers which will be using it.
In most cases, the file is used by only one server and the keyword ALL suffices for the server name.
The NOPASSWD keyword provides access without prompting for your password.


Granting All Access to Specific Users

Grant admin1 and admin2 full access to all privileged commands with this sudoers entry:


admin1,admin2 ALL=(ALL) ALL


Granting Access To Specific Users To Specific Files



teamlead1, %Project ALL= /sbin/, /usr/sbin/


This entry allows user teamlead1 and all the members of the group Project to run any of the program files in the /sbin and /usr/sbin directories. The trailing slash is what tells sudo that the entry names a directory rather than a single command.

Granting Access to Specific Files as Another User

The sudo -u option allows you to execute a command as if you were another user, but first you have to be granted this privilege in the sudoers file.

This feature can be convenient for programmers who sometimes need to kill processes related to projects they are working on. For example, programmer user1 is on the team developing a financial package that runs a program called thread1 as user accounts. From time to time the application fails, requiring "user1" to stop it with the /bin/kill, /usr/bin/kill or /usr/bin/pkill commands, but only as user "accountsmanager". The sudoers entry would look like this:

user1 ALL=(accountsmanager) /bin/kill, /usr/bin/kill, /usr/bin/pkill


User user1 is allowed to stop the thread1 process with this command:

[user1@learnadmin user1]# sudo -u accountsmanager pkill thread1
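To see how sudo evaluates the syntax rules and the three entries above (user and %group lists, the ALL keyword, the optional runas user, the NOPASSWD tag, backslash continuation and the difference between a directory entry ending in "/" and a plain command), here is a small evaluator written for this post; it is not part of sudo and handles only plain user specifications, not aliases, Defaults lines or command arguments. The sample sudoers text is constructed from the entries above, with the last entry split across two lines.

```python
import re
from typing import List, NamedTuple, Optional
class Rule(NamedTuple):
    users: List[str]     # user names; "%name" entries are groups
    hosts: List[str]     # server names the rule applies on
    runas: List[str]     # users the command may be run as (root when no "(...)" is given)
    nopasswd: bool       # the NOPASSWD: tag is present
    commands: List[str]  # absolute paths; a trailing "/" means any file in that directory

# user/group list, host, optional "(runas)", optional "NOPASSWD:", command list
_SPEC = re.compile(r"^(?P<users>.+?)\s+(?P<hosts>\S+?)\s*=\s*(?:\((?P<runas>[^)]*)\))?"
                   r"\s*(?P<nopasswd>NOPASSWD:)?\s*(?P<cmds>.+)$")

def _split(field: str) -> List[str]:
    return [item.strip() for item in field.split(",") if item.strip()]

def parse_sudoers(text: str) -> List[Rule]:
    """Parse plain user specifications; aliases and Defaults lines are not handled."""
    text = re.sub(r"\\\n", " ", text)  # join lines continued with a trailing backslash
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            m = _SPEC.match(line)
            if not m:
                raise ValueError("unparsable sudoers line: " + line)
            rules.append(Rule(_split(m["users"]), _split(m["hosts"]), _split(m["runas"] or "root"),
                              bool(m["nopasswd"]), _split(m["cmds"])))
    return rules
def _command_allowed(pattern: str, command: str) -> bool:
    if pattern.endswith("/"):  # directory entry: any file directly inside it, not subdirectories
        return command.startswith(pattern) and "/" not in command[len(pattern):]
    return pattern in ("ALL", command)  # "/usr/sbin" without the slash only matches that exact path

def matching_rule(rules, user, groups, host, runas, command) -> Optional[Rule]:
    """First rule letting `user` (member of `groups`) run `command` as `runas` on `host`."""
    for r in rules:
        users_ok = any(u == "ALL" or u == user or (u[0] == "%" and u[1:] in groups) for u in r.users)
        hosts_ok = any(h in ("ALL", host) for h in r.hosts)
        runas_ok = any(ra in ("ALL", runas) for ra in r.runas)
        if users_ok and hosts_ok and runas_ok and any(_command_allowed(c, command) for c in r.commands):
            return r
    return None

# Constructed sample: the three entries from the post, with the last one continued by a backslash
SAMPLE = """admin1,admin2 ALL=(ALL) ALL
teamlead1, %Project ALL= /sbin/, /usr/sbin/
user1 ALL=(accountsmanager) /bin/kill, /usr/bin/kill, \\
    /usr/bin/pkill"""
RULES = parse_sudoers(SAMPLE)
```

Running `matching_rule(RULES, "user1", [], "learnadmin", "accountsmanager", "/usr/bin/pkill")` returns the third rule, while the same request with runas "root" returns None, which is exactly why the sudo -u accountsmanager form is required.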