Saturday, September 5, 2015

Add users to sudoers list

In a *nix environment, some commands can be executed only by the super-user or by users who belong to a specific group. To let other permitted users run them, *nix provides sudo.

As a basic definition (from the manual pages):
"sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy."

Here are a few steps to make a user part of this sudo set-up, which will enable the user to execute almost all commands that a super-user can by using the sudo prefix.

Step-1: Make sure the given user is not already in the sudoers list. Although there are a number of ways to check whether a user is allowed to issue a sudo command, perhaps the easiest way is to try switching to super-user.
$ sudo su -
[sudo] password for break-it:
break-it is not in the sudoers file.  This incident will be reported.
Other options include commands such as
$ sudo -l
[sudo] password for break-it:
Sorry, user break-it may not run sudo on foo-bar-host-name.

Step-2: Ensure you have root privileges or are part of a group which has sudo privileges. Issue one of the commands below, depending on which user you are logged in as.
If root:
$ vi /etc/sudoers
Otherwise, in the case of a special user with sudo permissions:
$ sudo vi /etc/sudoers
Step-3: Find the section in the sudoers file that starts with the line
# User privilege specification
It is probably followed by a few lines like these
# User privilege specification
root    ALL=(ALL:ALL) ALL
foo     ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
Now all you need to do is add the username to this list as below (let's say the user in our case is break-it). The final file after the edit will look like this.
# User privilege specification
root    ALL=(ALL:ALL) ALL
foo     ALL=(ALL:ALL) ALL
break-it ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
Save the file (by typing Esc, :wq) and that's it. Go back to step-1 and type the same command; the user will now be able to switch to super-user mode without any problem.

$ sudo su -
[sudo] password for break-it:
root@foo-bar-hostname ~ #
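
The following added example (not part of the original post) grants break-it the same rule through a drop-in file that is syntax-checked with visudo -cf before it is installed, because a mistake saved into /etc/sudoers can leave sudo unusable for every account. It assumes the main sudoers file includes /etc/sudoers.d; the function name add_sudoer and the 90- file prefix are made up for the example.

```shell
#!/bin/sh
# Added example: grants USER the same "ALL=(ALL:ALL) ALL" rule as above, but
# through a syntax-checked drop-in file. add_sudoer and the "90-" prefix are
# names chosen for this example. Run as root.
# Usage: add_sudoer USER [DIR]   (DIR defaults to /etc/sudoers.d)
add_sudoer() {
    user=$1
    dir=${2:-/etc/sudoers.d}

    # Accept only plain account names so no extra rule text can ride along.
    # Dots are refused too: sudo skips drop-in files whose name contains '.'.
    case $user in
        ''|-*|*[!A-Za-z0-9_-]*)
            echo "add_sudoer: invalid user name: $user" >&2
            return 2 ;;
    esac

    target=$dir/90-$user
    if [ -e "$target" ]; then
        echo "add_sudoer: $target already exists" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    printf '%s ALL=(ALL:ALL) ALL\n' "$user" > "$tmp"

    # visudo -c only checks syntax; -f points it at the candidate file.
    # A missing visudo also lands here, so nothing unchecked is installed.
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "add_sudoer: rule failed the visudo check" >&2
        rm -f "$tmp"
        return 1
    fi

    # 0440 is the mode sudo expects on /etc/sudoers itself.
    install -m 0440 "$tmp" "$target"
    status=$?
    rm -f "$tmp"
    return $status
}
```

Run add_sudoer break-it as root, then repeat the sudo -l check from step-1 as break-it to confirm the rule is active.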


For more information on adding groups to the sudoers list, check the manual pages.
$ man -a sudo






