So, you are a system administrator on a Fedora or a CentOS GNU/Linux machine and a user requests that you upgrade their account to allow the execution of privileged commands using sudo
.
Warning
Be very careful to which users you give this right!
Being in the Sudoers list allows particular users to run various commands as the root user, without needing the root password.
Assuming that the user has a valid reason for you to add them to the Sudoers list, proceed with the commands below:
Using sudo
If you are using an account that is already in the Sudoers list and you want to allow the account useraccount
to use sudo
, execute the following
sudo chmod +w /etc/sudoers sudo echo 'useraccount ALL=(ALL) ALL ' >> /etc/sudoers sudo chmod -w /etc/sudoers
Using the root account
If you are using the root user account and you want to allow the account useraccount
to use sudo
, execute the following
chmod +w /etc/sudoers echo 'useraccount ALL=(ALL) ALL ' >> /etc/sudoers chmod -w /etc/sudoers
Notes
The /etc/sudoers
file must have very limited access rights for it to be valid.
The system expects that:
- it will be owned by the
root
user - it will belong to the group
root
- it has only that read access right
- the read access right belongs only to the owner and to the group
For this reason we first use chmod +w
to enable the right access on the file, then we append at the end of the file our configuration using echo >>
and finally we remove the write access using chmod -w
.
In case you are wondering how the file should be, using ls -l
it should appear as follows:
ls -l /etc/sudoers -r--r-----. 1 root root 3762 Oct 19 13:21 /etc/sudoers
If for some reason your file does not have these access rights, you can repair the file access right of your /etc/sudoers
file using
sudo chmod 440 /etc/sudoers
Bonus
No password
Using the above method, it will prompt the user to enter their account password when they first want to use a sudo
command after some time of inactivity.
In case you want the user to execute sudo
without using a password at all (which is dangerous and definitely not recommended) use the following code
chmod +w /etc/sudoers echo 'useraccount ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers chmod -w /etc/sudoers
The NOPASSWD
directive in the echo command will instruct the system to not ask for a password when sudo
is needed.
A valid occasion for you to allow this would be to allow an automated script to perform some tasks that require elevated privileges without the need to have the password hardcoded in the script not having to get the user involved each time in the process.
Adding a whole group to the sudoers list
Assuming you want enable all users of a specific group to execute sudo
commands
Using sudo
If you are using an account that is already in the Sudoers list and you want to allow all the users of the user group usergroup
to use sudo
, execute the following
sudo chmod +w /etc/sudoers sudo echo '%usergroup ALL=(ALL) ALL ' >> /etc/sudoers sudo chmod -w /etc/sudoers
Same thing without a password
sudo chmod +w /etc/sudoers sudo echo '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoers sudo chmod -w /etc/sudoers
Using the root account
If you are using the root user account and you want to allow all the users of the user group usergroup
to use sudo
, execute the following
chmod +w /etc/sudoers echo '%usergroup ALL=(ALL) ALL ' >> /etc/sudoers chmod -w /etc/sudoers
Same thing without a password
chmod +w /etc/sudoers echo '%usergroup ALL=(ALL) NOPASSWD: ALL ' >> /etc/sudoers chmod -w /etc/sudoers