Sunday, September 22, 2013

sudoers file syntax (sudo by example)

Here is the official (?) doc for sudoers and sudo. The sudoers file format is particularly important. It is worth reading through all the options: the format is very versatile, and knowing the options lets you keep your rules well organized.

The sudoers file format is:

"user list" "host list" = "operator list" "tag list" "command list"

where each list can be made of actual values or aliases (User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias).
The "operator list" is the user(s) the commands may be run as; it is written in parentheses.
The "tag list" is the NOPASSWD / PASSWD option, and it's optional.

A simple example: how to give all root privileges to the user vagrant:

Log in as root
visudo
append this:
vagrant    ALL=(ALL)       ALL
save and exit visudo with :wq
sudo su - vagrant
cat /etc/sudoers

cat: /etc/sudoers: Permission denied (of course: the vagrant user cannot read the /etc/sudoers file, which is readable only by root)

sudo cat /etc/sudoers

This one works, because the command is executed as the root user!

Hint: you can also use visudo -f /etc/sudoers.d/filename
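The entry format described above, with aliases and a tag, as an added example that is not part of the original post: a small Python parser that splits each rule into its lists, resolves aliases, and flags the broad grants (any command, no password) you would want to spot in a review. It handles a simplified grammar only (one rule per line, no line continuations, no escaped commas); the sample entries, the DEPLOYERS and WEBCTL aliases and the function name are constructed for illustration.

```python
import re

ALIAS_KINDS = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAG = re.compile(r"(NOPASSWD|PASSWD):\s*")
RUNAS = re.compile(r"\(([^)]*)\)\s*")

# Constructed sample, not taken from a real system.
SAMPLE = """\
User_Alias  DEPLOYERS = alice, bob
Cmnd_Alias  WEBCTL = /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
vagrant     ALL=(ALL)       ALL
DEPLOYERS   ALL=(root) NOPASSWD: WEBCTL
"""

def parse_sudoers(text):
    """Parse one-rule-per-line sudoers text (simplified grammar, see lead-in)."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = re.sub(r"\s*,\s*", ",", raw.strip())    # "a, b" -> "a,b"
        if not line or "=" not in line or line.startswith(("#", "Defaults")):
            continue
        left, right = (part.strip() for part in line.split("=", 1))
        if left.split()[0] in ALIAS_KINDS:             # alias definition
            aliases[left.split()[1]] = right.split(",")
            continue
        users, hosts = left.split()
        runas = ["root"]                               # root by default when no (list) is given
        if (m := RUNAS.match(right)):
            runas, right = m.group(1).split(","), right[m.end():]
        tags = []
        while (m := TAG.match(right)):                 # optional tag list
            tags.append(m.group(1))
            right = right[m.end():]
        rules.append({"users": users.split(","), "hosts": hosts.split(","),
                      "runas": runas, "tags": tags, "commands": right.split(",")})

    def expand(names):                                 # resolve aliases recursively
        out = []
        for n in names:
            out.extend(expand(aliases[n]) if n in aliases else [n])
        return out

    for r in rules:
        for key in ("users", "hosts", "runas", "commands"):
            r[key] = expand(r[key])
        r["findings"] = [msg for hit, msg in (
            ("ALL" in r["commands"], "any command allowed"),
            ("NOPASSWD" in r["tags"], "no password required")) if hit]
    return rules

if __name__ == "__main__":
    for rule in parse_sudoers(SAMPLE):
        print(rule["users"], rule["runas"], rule["tags"], rule["commands"], rule["findings"])
```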


