Root and Sudo: Difference between revisions
Duffsigpatch (talk | contribs) |
Duffsigpatch (talk | contribs) No edit summary |
||
Line 5: | Line 5: | ||
Defaults mail_badpass | Defaults mail_badpass | ||
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | ||
# Host alias specification | # Host alias specification | ||
Line 47: | Line 20: | ||
# See sudoers(5) for more information on "@include" directives: | # See sudoers(5) for more information on "@include" directives: | ||
@includedir /etc/sudoers.d</nowiki> | |||
The lines of note here are the one that begins with root and the one that begins with %sudo. These lines specify permissions for specific users and user groups. The default specification grants the group sudo the ability to run commands as root with sudo and also says if you are root, you may also use sudo to prevent compatibility issues. Root can do anything, but it would give you an error if you didn't have that root line. | |||
You can specify users to allow to use sudo and other groups too. And you can change how much freedom they are given. The statements by default are written like this: | |||
<code>who where=(as_whom) what</code> |
Revision as of 19:29, 2 May 2024
Sudoers
I mentioned the Sudoers file briefly in the main Linux write up, but here we will go more in depth about it. Here is a typical Sudoers file:
Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL # See sudoers(5) for more information on "@include" directives: @includedir /etc/sudoers.d
The lines of note here are the one that begins with root and the one that begins with %sudo. These lines specify permissions for specific users and user groups. The default specification grants the group sudo the ability to run commands as root with sudo and also says if you are root, you may also use sudo to prevent compatibility issues. Root can do anything, but it would give you an error if you didn't have that root line.
You can specify users to allow to use sudo and other groups too. And you can change how much freedom they are given. The statements by default are written like this:
who where=(as_whom) what