Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
SudoHowto
Edit
PageHistory
Diff
Info
LikePages
You are viewing an old revision of this page.
View the current version
.
!!! A short guide to setting up sudo(1) [sudo | http://www.sudo.ws/] is configured in the <tt>/etc/sudoers</tt> file, which is documented in sudoers(5). Unfortunately, that ManPage seems written for people who want to write a clone of sudo, rather than use it, so it is unnecessarily difficult to understand the syntax by reading its documentation. The task is further complicated by the fact that the syntax is somewhat baroque. ''Hint to the sudo programmers: humans are not yacc parsers, so a parser grammar is not suitable documentation.'' Be aware that sudo(1) is very picky about correct syntax in its configuration file and will refuse to work if you make the slightest mistake. (Considering that sudo(1) can grant SuperUser privileges, this is not an entirely bad idea, user-unfriendly as it may be.) Therefore, you should use the visudo(1) tool to edit the file, rather than opening it directly. <tt>visudo</tt> will check your changes for correctness after saving them, and will inform you of any errors, in which case it will offer to reject the changes or re-edit the file. Of course, <tt>visudo</tt> itself requires SuperUser privileges, so launch it using <tt>su -c visudo</tt>. Note that <tt>visudo</tt> may insist on making you use vi(1) to edit the file, though some configurations may respect your choice of TextEditor according to the <tt>EDITOR</tt>/<tt>VISUAL</tt> EnvironmentVariable~s. If this bugs you, edit <tt>/etc/sudoers</tt> with another editor, then use <tt>visudo -c</tt> to check it for correctness. You can also add With all that said, let's proceed to the disproportionately short piece of configuration text that all this noise had to be made about. Copy the following line into the file: <pre> %wheel ALL=(ALL) NOPASSWD: ALL </pre> That's it. Now all users in the group <tt>wheel</tt>, by longstanding [Unix] tradition the group which contains the SystemAdministrator~s, will be able to use <tt>sudo</tt> to invoke any command, running as any user (but defaulting to root), without being prompted for a password. Of course, this requires putting your regular user account in that group; if there really will only ever be one user to use <tt>sudo</tt> on your machine, you can omit this step by using the line <pre> ''username'' ALL=(ALL) NOPASSWD: ALL </pre> <br><br> !!! A longer guide to setting up sudo(1) [sudo | http://www.sudo.ws/] offers many more capabilities than just letting one or more users do anything at all as anyone at all. That flexibility is why it's so hard to configure in the first place, and is very useful in actual multi-user situations, where some users only need to be able to do one (or a few) specific thing(s) requiring SuperUser privileges. F.ex., such a scenario might involve a webmaster who should be able to restart the WebServer which runs as <tt>root</tt>, and be able to kill any processes which run as <tt>wwwuser</tt> or some other unprivileged account that the WebServer uses to actually deliver pages, but should not have full root access to the machine. ''However, I mostly wanted to have a quick description on how to set up sudo(1) for people who run [Linux] on their home [PC]s, so I'm not going to go into that here and now. I may come back to this at some point. In the meantime, there is useful material about that available via [Google]. --AristotlePagaltzis'' Feel free, of course, to AddToMe.
One page links to
SudoHowto
:
NewUserTips