Sudo is used for providing access to root (Super admin) commands to non-root users. For example, As an administrator, you want to provide access to restart the webserver to user nick, but he cannot make any changes to its configuration. You can provide sudo access to user nick to do it.
To edit sudo configuration file use:
The above command will open /etc/sudoers file in an editor. This file is the main configuration file for sudo settings. In the sudoers file, you will get an entry like below. This provides privileges to root user to do anything.
root ALL=(ALL) ALL
Sudores File Syntax
The format of /etc/sudores is as below
user host:runas command
- user – Name of user, Use % sign to specify a group name like %webadmins
- host – Computer hostnames
- runas – User for run as, common options are used root or ALL
- command – One or more root level command
Provide Access to User
Now if you want to provide web server reboot privileges to user nick, add below configuration in the sudoers file
nick ALL=(root) NOPASSWD: /etc/init.d/httpd restart
NOPASSWD means no verification is required if you leave this out, nick will have to re-enter his own password. Now user nick can restart web server using following command.
sudo /etc/init.d/httpd restart
Provide Access to Group
To provide access to the superuser commands to a group of users. Define the group name started with the % symbol. As per the below example, all the users with group webadmin will have the privilege to execute the command.
%webadmin ALL=(root) /etc/init.d/httpd restart