This document has the purpose of describing how to configure the /etc/sudoers file in order to create users with root privileges.
If you need to create users that perform administrative tasks such start or stop some services (like ssh, ndsd, novell-vmc, novell-tomcat, network , etc), create regular users in the operating system, etc., you can accomplish with the aid of the /etc/sudoers file. That file contains the rules that the user must fulfill when using the sudo command to perform any administrative task.
Additionally, using <sudo> you can have the following advantages:
- Log every movement of the user (when using the sudo command)
- Restrict privileges
The first thing to do is to use the visudo command in order to edit the /etc/sudoers file.
Once you enter the visudo command, you will see the content of the /etc/sudoers file.
As you can see most of the lines are commented, however the very important one is located under the User privilege specification.
This line root ALL=(ALL) ALL indicates that the user root can execute from ALL terminals, acting as a any user in the system and run ALL commands, in other words:
So if you have many system administrators and you want them to have root privileges (without actually using the root account) the only thing to do is to create as many entries in you /etc/sudoers file as administrators you have.
The following example add the bdiaz, dlugo, wvera, jsusunaga, etc accounts as system administrators with full root privileges:
On the contrary, if you need to prevent users to run certain commands, you can accomplish that using the special “!”
In this case we are preventing the users hvaquera, dmontiel and mcalvillo to run the /usr/bin/passwd, /bin/su and /bin/bash commands.
In order to add users into the /etc/sudoers file, the only thing to do is the following:
- Find where it says “root ALL=(ALL) ALL”.
- Type “o” to insert a new line below it.
- Now type what you want to insert, eg “username ALL=(ALL) ALL”.
- Hit esc to exit insert-mode.
- Type “:wq!” to save and exit.