Sudo (su “do”) the name it’self indicates that switching user and to do some command as other user specifically as a root user. The difference between su and sudo is that, su is switch user so that we should know the password of user to whom we are going to switch to get his rights. In most of the cases we use su to switch from regular user to root user.
But this is a security threat for the superuser password it’self, as we have to share this to people who want to login as root user. Its not advisable to use su command to switch user to root account. If an admin wants to give a normal user some/all admin rights depending on his/her requirements so that he can execute some system level commands and all this is done without knowing root user password.
How to implement sudo permissions for an user?
To use sudo the sudo package should be installed on the server.
Step1: quarry for the sudo package
#rpm -q sudo
Step2: If the sudo package is not installed install it by below command
#rpm -ivh sudo.versionno.arch.rpm
Step3: Configuring sudousers
there is no space between vi and sudo in the above command and we have to edit sudousers file like this. when you execute the above command it opens a temporary file which contains all sudo related configuration in it. You will find something like below
# sudoers file.
# This file MUST be edited with the ‘visudo’ command as root.
# See the sudoers man page for the details on how to write a sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
This file is self explanatory on left hand side you will see what are users able to execute commands on RHS.
We will see some examples to better understand above file.
user alias specification you can find it
this is the place where we can put user names to whom I want to give sudo permissions
so this is my sample file
here I declared surendra to use sudo
I set CMD to /usr/sbin/useradd so if I combined USER variable and CMD variable
the user surendra can execute useradd command without having admin rights
so this the way I can combine the USER and CMD
so USER(surendra) can execute all the commands(ie CMD)
so after doing that save and exit that file
so log-in as surendra
and to access sudo you have to use like below
Like this we can add as many commands as possible which are not available to normal users