Tuesday, 21 December 2010

Visudo editing

Visudo is a command that opens /etc/sudoers file for editing. Editing sudoers file is essensial if for some reason user needs to be able to execute superuser commands via sudo command. Simple example line to put in /etc/sudoers file might be:

user ALL=(ALL) ALL


Here, user is the username of the user that is being assigned the privilege. For this to apply to a group of users on the machine you would prefix the name with a % (%user). First ALL entry represents the hosts that these permissions apply to. ALL option is always safe to use if the system is local. Second ALL entry in brackets defines what user the first user is applying the command as. In this example ALL option means that user can execute commands as any other user on system. Last ALL entry is a comma separated list of commands that the user will have access to. ALL means that user can execute any command that is privileged to user listed in second entry. Overall, this line is saying user can execute any command as any user on every host on the system simply by providing its password.

Personally, I use the above line on my system, simply because i'm the only user on it and it saves me time, but it isn't really safe on multiuser systems. Another example can be:

user ALL=(root) /usr/bin/apt-get, /sbin/halt


Here, the user can only use apt-get and halt commands as root user using sudo.