The sudo command allows a user to run commands as if that person were signed in as the root user, Linux’s equivalent of the Windows Administrator account. This ability is useful for three reasons:
- It increases security.
- It allows greater control of privileged commands.
- It provides you with a better audit trail to understand who did what on your host.
[Note another good reason to use sudo rather than the root user on Ubuntu is that Ubuntu doesn’t enable the root user by default. You cannot sign on as the root user at all.]
Almost all of the commands used to manage users and groups require the privileges of the root user to run. For example, only the root user can create another user. When you run the sudo command, it will prompt you to enter your password (to confirm you are actually who you say you are), and then you are allowed to make use of the sudo command for a period of 5 minutes on CentOS and 15 minutes on Ubuntu. When this period expires, you will be prompted to enter your password again.
On Ubuntu, the sudo command is available and configured for the user you created when you installed Ubuntu. If you’re logged in as that user, you can use the sudo command already. You can also enable sudo access for other users by adding them to the admin group. You can use the usermod command (which you’ll see more of later in this chapter) to add a user to the group.
sudo usermod -G admin ataylor
Here we’ve used sudo and the usermod command to modify a user called ataylor. We’ve added the user to the admin group by specifying the -G option and the name of the group to add the user to. (Note that we’ve used the sudo command to do the user modification. The only user allowed to do this is the user you created when you installed the host; hence you must be logged in as that user to make this change.)
On CentOS, if you did not create the user (jsmith) as an administrator, the sudo command is not enabled by default, and you’ll need to enable it. To do this, you need to use a command called visudo to edit the sudo command’s configuration file, /etc/sudoers. To do this, you need to log on as the root user and run the visudo command.
As you can see from the # command prompt, you’re logging in as the root user and you’re executing the visudo command. This opens an editing application that looks much like the vi or vim editor. Inside this file is the following line:
# %wheel ALL=(ALL) ALL
Shown above, in this line the # indicates the line you are working on is a comment. You need to uncomment the line. To do this put your cursor near on the # and press the x key twice. That will delete the hash (or pound sign, #) and one space character in the line. Once done, write and quit the file using the same commands you would with vim by typing the colon character, :, and w and q followed by Enter, or :wq.
This enables any member of a group called wheel to use the sudo command. You can then add a user to the wheel group, as follows:
usermod –a wheel ataylor
Again, you specify the group, wheel, with the -a option and the name of the user you want to add to the
group last. Now the ataylor user can make use of the sudo command. You can also set the groups for a user
–G and this will replace any existing groups assigned to the user.
Published on Sun 12 February 2012 by Dale Bartholomew in Linux with tag(s): sudo