So, you are a system administrator on a Fedora or a CentOS GNU/Linux machine and a user requests that you upgrade their account to allow the execution of privileged commands using sudo.
Warning
Be very careful to which users you give this right!
Being in the Sudoers list allows particular users to run various commands as the root user, without needing the root password.
Assuming that the user has a valid reason for you to add them to the Sudoers list, proceed with the commands below:
Using sudo
If you are using an account that is already in the Sudoers list and you want to allow the account useraccount to use sudo, execute the following
1 2 3 | sudo chmod +w /etc/sudoerssudo echo 'useraccount ALL=(ALL) ALL ' >> /etc/sudoerssudo chmod -w /etc/sudoers |
Using the root account
If you are using the root user account and you want to allow the account useraccount to use sudo, execute the following
1 2 3 | chmod +w /etc/sudoersecho 'useraccount ALL=(ALL) ALL ' >> /etc/sudoerschmod -w /etc/sudoers |
Notes
The /etc/sudoers file must have very limited access rights for it to be valid.
The system expects that:
- it will be owned by the
rootuser - it will belong to the group
root - it has only that read access right
- the read access right belongs only to the owner and to the group
For this reason we first use chmod +w to enable the right access on the file, then we append at the end of the file our configuration using echo >> and finally we remove the write access using chmod -w.
In case you are wondering how the file should be, using ls -l it should appear as follows:
1 2 | ls -l /etc/sudoers-r--r-----. 1 root root 3762 Oct 19 13:21 /etc/sudoers |
If for some reason your file does not have these access rights, you can repair the file access right of your /etc/sudoers file using
1 | sudo chmod 440 /etc/sudoers |
Bonus
No password
Using the above method, it will prompt the user to enter their account password when they first want to use a sudo command after some time of inactivity.
In case you want the user to execute sudo without using a password at all (which is dangerous and definitely not recommended) use the following code
1 2 3 | chmod +w /etc/sudoersecho 'useraccount ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoerschmod -w /etc/sudoers |
The NOPASSWD directive in the echo command will instruct the system to not ask for a password when sudo is needed.
A valid occasion for you to allow this would be to allow an automated script to perform some tasks that require elevated privileges without the need to have the password hardcoded in the script not having to get the user involved each time in the process.
Adding a whole group to the sudoers list
Assuming you want enable all users of a specific group to execute sudo commands
Using sudo
If you are using an account that is already in the Sudoers list and you want to allow all the users of the user group usergroup to use sudo, execute the following
1 2 3 | sudo chmod +w /etc/sudoerssudo echo '%usergroup ALL=(ALL) ALL ' >> /etc/sudoerssudo chmod -w /etc/sudoers |
Same thing without a password
1 2 3 | sudo chmod +w /etc/sudoerssudo echo '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoerssudo chmod -w /etc/sudoers |
Using the root account
If you are using the root user account and you want to allow all the users of the user group usergroup to use sudo, execute the following
1 2 3 | chmod +w /etc/sudoersecho '%usergroup ALL=(ALL) ALL ' >> /etc/sudoerschmod -w /etc/sudoers |
Same thing without a password
1 2 3 | chmod +w /etc/sudoersecho '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoerschmod -w /etc/sudoers |
This post is also available in: Greek
