Adding sudoers
Posted by glenn gillen on Thursday, March 20, 2008
Posted in sudo, configuration
It seems that I’ve been getting a noticeable number of users searching on how to add themselves to the sudoers file, so in the interest of ensuring people get the content they want, here is a refresh.
Adding a user to sudoers file
Now I originally posted an article on how to add yourself to the sudoers file last year, but it’s seen a recent surge of interest on the search engines, so I thought it might be time to expand on the topic, just a little. Be sure to check the original article for the basics. If you’ve got a problem running something as root, or you’re getting a Capistrano error that “user isn’t in sudoers file”, this is the first place to start.
Running sudo commands without a password
By default, sudo will require the user to enter their password before running a requested command. However, you can change this default behaviour with the NOPASSWD tag. See below:
glenn ALL = NOPASSWD: /bin/kill, /bin/ls
The line above will allow the user glenn to run the commands /bin/kill and /bin/ls on ALL machines without a password.
Preventing further executables from running
This depends on sudo having been compiled with the appropriate support. If it has, you can prevent a command that a user runs through sudo from starting up subsequent commands itself:
glenn ALL = NOEXEC: /usr/bin/more, /usr/bin/vi
This allows glenn to run more and vi on ALL machines, but stops him from using a shell escape from within those processes.
Specifying wildcards for sudo in sudoers
If you want a user to be able to run anything in a particular directory it’s as easy as:
glenn ALL = /usr/bin/*
This lets glenn run anything in /usr/bin on any machine. Other wildcards you can use in the sudoers file are:
- ? matches any single character
- [...] matches any character in the given range
- [!...] matches any character NOT in the given range
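As an added example (not code from the original post), here is a small Python check for reviewing entries like the ones above: it flags NOPASSWD grants and wildcard command paths, and its permits() helper shows what a path pattern covers, following the sudoers(5) rule that wildcards in a path name never match a '/'. The function names and the simplified one-line rule format (no aliases, runas lists or line continuations) are assumptions of this example.

```python
import re

# Constructed sample: the three sudoers entries shown in the article.
SAMPLE = """\
glenn ALL = NOPASSWD: /bin/kill, /bin/ls
glenn ALL = NOEXEC: /usr/bin/more, /usr/bin/vi
glenn ALL = /usr/bin/*
"""

TAG_RE = re.compile(r"^\s*((?:[A-Z_]+:\s*)*)(.*)$")

def parse_rule(line):
    """Parse a simple 'user host = [TAG:] cmd, cmd' entry (no aliases or runas)."""
    who, _, rhs = line.partition("=")
    user, host = who.split()[:2]
    tags, cmds = TAG_RE.match(rhs).groups()
    return {"user": user, "host": host, "tags": re.findall(r"[A-Z_]+", tags),
            "cmds": [c.strip() for c in cmds.split(",") if c.strip()]}

def permits(pattern, path):
    """True if a sudoers path pattern matches path; wildcards never match '/'."""
    out, i = "", 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out += "[^/]*"
        elif c == "?":
            out += "[^/]"
        elif c == "[" and pattern.find("]", i + 2) != -1:
            end = pattern.index("]", i + 2)          # body is never empty
            body = pattern[i + 1:end]
            out += "[^/" + body[1:] + "]" if body.startswith("!") else "[" + body + "]"
            i = end
        else:
            out += re.escape(c)
        i += 1
    return re.match(out + r"\Z", path) is not None

def lint(line):
    """Return review findings for one entry: NOPASSWD grants and wildcard paths."""
    rule, findings = parse_rule(line), []
    if "NOPASSWD" in rule["tags"]:
        findings.append("NOPASSWD: no password prompt for " + ", ".join(rule["cmds"]))
    for path in (cmd.split()[0] for cmd in rule["cmds"]):
        if re.search(r"[*?\[]", path):
            findings.append("wildcard: " + path + " also covers binaries added later")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE.splitlines():
        print(entry, "->", lint(entry) or "no findings")
    print(permits("/usr/bin/*", "/usr/bin/X11/xterm"))  # subdirectories are not matched
```

Whatever a review like this turns up, edit the real file with visudo so that a syntax error cannot lock you out of sudo.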