Managing permissions is a crucial part of maintaining a secure Linux system. If you need to give a regular user administrative privileges, you’ll have to grant them sudo access. In this guide, we’ll show you how to give user sudo access in Linux safely and effectively, whether you’re using Ubuntu, CentOS, or any other Linux distribution.
Table of Contents
- Give user sudo access in Linux – Full access
- Explain the sudo user?
- How to give different sudo permissions to normal users?
- How to give only some command access permissions to normal user.
- How to give sudo permissions to one group or groups.
- How to create command alias and give these command access to a user.
- How to create user alias and add the users in to that alias and give some command acess.
- How to set time interval to zero so that whenever the sudo user executes any command then it will ask password for every command.
- In which location the sudo user commands history is logged?
Give user sudo access in Linux – Full access
Any user with full sudo privileges has root access to the Linux command line. When we execute commands in the terminal that call for access to the filesystem’s root directories or files, this is necessary.
Explain the sudo user?
● Sudoers (nothing but sudo users) allows particular users to run various root user commands without needing a root password.
● /etc/sudoers is the configuration file for sudoers to configure the normal user as privileged user.
● It is not recommended to open this file using # vim editor because this editor cannot check the syntax by default and whatever we typed in that file that will blindly save in this file.
● So, one editor is specially available for opening this file, ie.,# visudo and all normal users cannot execute this command. Only root user can run this command.
● Once this file is opened nobody can open this file again on another terminal because “The file is busy” message is displayed on the terminal for security reasons.
How to give different sudo permissions to normal users?
Open the /etc/sudoers file by executing #visudo command and go to line no. 98 and type as
| Username | Machine | Command |
|---|---|---|
| root | ALL=(ALL) | ALL |
| raju | All= | ALL |
Example:
# visudo raju ALL=(ALL) ALL
—-Save and exit this file.
Note:
When we trying to save this file if any syntax errors in this file, those errors are displayed with line no’s and What you do ? (will be displayed, here press ‘e’ to edit this file and modify those errors or mistakes and save save this file.
● Now a Normal user raju can run any command with sudo priviledge
● Let’s Verify the same by run below command to switch to user raju if logged in by other user.
# su - raju
Now the normal user raju can also add the users to the system by adding sudo before the command.
# sudo useradd <useradd>
Note: We can assign sudo permissions to ‘n’ no. of users by specifying names separated by commas ( , ) or line by line.
How to give only some command access permissions to normal user.
Instead of giving all permissions to normal user we can give only some commands by editing /etc/sudoers files and adding below lines.
Example :
# visudo student ALL=/usr/sbin/useradd, /usr/sbin/usermod raju ALL=NOPASSWD:/usr/sbin/useradd, /usr/sbin/usermod
How to give sudo permissions to one group or groups.
* We can also apply to one group or groups as follows.
* First create the users, assign one group to those users and also assign the passwords for
those users. Open /etc/sudoers file by executing the command # visudo and type as follows.
Syntex:
%<group name> ALL=ALL
Example:
%oracle ALL=ALL
How to create command alias and give these command access to a user.
* We can also create one command alias and add some commands to that alias
and mention that alias to users as follows by editing /etc/sudoers files and adding below lines..
#visudo Cmnd_Alias NETWORKING=/usr/sbin/route, /usr/sbin/ifconfig <username> <machines>=<command alias name> raju ALL=NETWORKING
How to create user alias and add the users in to that alias and give some command acess.
* We can also create one user alias and add the users to that alias and
assign some commands to that alias as follows.
Syntex:
User_Alias <user alias name>=<user1>, <user2>, <user3>, ....
Example:
# visudo User_Alias OURTEAM=raju, shyam, ram, gopal OURTEAM ALL=ALL
How to set time interval to zero so that whenever the sudo user executes any command then it will ask password for every command.
# visudo
Defaults timestamp_timeout=0
Note: The above will apply to all users including root also. If we want to make it as only for normal users, then
Defaults : <user1>, <user2>, <user3> timestamp_timeout=0
Note:By adding the above timestamp_timeout, the system will ask passwords for user1, user2, user3 to execute sudo commands each time
In which location the sudo user commands history is logged?
All the sudo users commands history is logged in /var/log/secure file to make a record of sudo user commands.
To see the contents of this file
# cat /var/log/secure
To see the updates of this file continuously and press ctrl + c to quit the tailf
# tailf /var/log/secure
Read Also | EX200 RHCSA Exam Questions with Solutions: Your Path to RHEL 9 Certification
Granting the right permissions is essential for secure system management. By following these steps, you can easily give user sudo access in Linux, ensuring they have the necessary administrative rights without compromising system security.
