Configuring root privileges for users with sudo

The Ubuntu Desktop or Server is installed with default root user; even on a cloud, you will get preinstalled Ubuntu server with an inbuilt root user. This account has full administrative access to perform administrative tasks. But sometimes, you need a different user account with root privileges or may be fewer privileges access. The user can use the sudo command with any command to get extra privileges.

This tutorial shows how to grant or provide sudo privileges to a newly created user.

Getting ready

You will need a root account or an account with root privileges.

How to do it…

Follow these steps to get the root privileges with sudo:

Add new user if required:

$ sudo adduser john

Make john a member of sudo group with the following command:

$ sudo adduser username sudo

How it works…

All sudo access rules are configured in a file located at /etc/sudoers. This file contains a list of users and groups that are allowed to use the sudo command:

/etc/sudoers

alan ALL=(ALL:ALL)ALL // allow sudo access to user alan%sudo  ALL=(ALL)  ALL // allow sudo access to members of sudo

The line "satish ALL=(ALL:ALL) ALL" defines the user “satish” with sudo privileges, which means new user satish can run any command like any other user.

The line %sudo ALL=(ALL) ALL defines that any member of system’s group sudo can run any command as any user.

We have to add a new user to the group sudo, and that user will automatically get sudo privileges. After getting the sudo group membership, the user needs to log out and log back in for the changes to take effect. To effect new privileges for the user need to be restart the shell. Optionally, you have always option to go and change the sudoers file as per requirements and specific condition.

Note:

Make sure that you use the visudo tool to make any changes to sudoers file.

Here, we will show you how to set a password-less sudo access and some extra benefits of sudo.

Setting password less sudo Privileges

sudo is very simple and useful to use temporary root privileges, but the only thing is you need to enter the password whenever you use sudo. This will create a problem for users who are set with no password. But you can solve this problem by setting the NOPASSWD flag in the setting using the sudoers file.

Open the sudoers file with the visudo command:

$sudo visudo

Select the line for user or group you want to allow password-less sudo access.

Add NOPASSWD after closing the bracket:

/etc/sudoers

%sudo   ALL=(ALL:ALL) NOPASSWD: ALL

Press Ctrl + O and then confirm with the Enter key to save the changes.

Press Ctrl + X to exit visudo.

After doing the above configuration, a user of the group sudo can use the sudo command without entering a password. You can also use a similar setting to a specific user for providing password-less access.

The sudoers program use cache authentication for small-time generally, it is for 15 minutes. When reusing the authentication within timeout, you will notice the terminal will not ask password again, and it works like password-less sudo without setting the NO PASSWORD flag.

Other uses of sudo

In addition to running a single command with sudo, you might want to execute a list of commands with the sudo privileges. Then, you can open a shell with root access (# prompt) with the command $sudo -s. The shell environment remains same as original user, but now you can execute commands as a root user.

Alternatively, you can switch user to root with the command $sudo su -. This command will open a new shell as a root user.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Related Articles