user ALL=(ALL) ALL
Here, user is the username of the user that is being assigned the privilege. For this to apply to a group of users on the machine you would prefix the name with a % (%user). First ALL entry represents the hosts that these permissions apply to. ALL option is always safe to use if the system is local. Second ALL entry in brackets defines what user the first user is applying the command as. In this example ALL option means that user can execute commands as any other user on system. Last ALL entry is a comma separated list of commands that the user will have access to. ALL means that user can execute any command that is privileged to user listed in second entry. Overall, this line is saying user can execute any command as any user on every host on the system simply by providing its password.
Personally, I use the above line on my system, simply because i'm the only user on it and it saves me time, but it isn't really safe on multiuser systems. Another example can be:
user ALL=(root) /usr/bin/apt-get, /sbin/halt
Here, the user can only use apt-get and halt commands as root user using sudo.
No comments:
Post a Comment