Find the answer to your Linux question:
Results 1 to 6 of 6
Hi all - Relatively new to Linux, but I'm trying to grasp the proper way to modify the sudoers file. As an example, what would I have to modify in ...
  1. 06-03-2010 #1
    tejama
    tejama is offline
    Just Joined!
    Join Date
    Apr 2010
    Posts
    2

    [SOLVED] Editing sudoers

    Hi all - Relatively new to Linux, but I'm trying to grasp the proper way to modify the sudoers file. As an example, what would I have to modify in /etc/sudoers to allow a user (say 'user1' for the example) to be able to add/remove software through yum? I'm aware of the fact that I need to use visudo and how to use the vi editor.

    I've Googled this topic and while I've found a number of pages on the topic, I never see many examples.

    Thanks in advance!
  2. 06-03-2010 #2
    coopstah13
    coopstah13 is offline
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    there are examples in the file
    Code:
     29 # Samples
 30 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 31 # %users  localhost=/sbin/shutdown -h now
    it would look like this
    Code:
    user1 ALL=/usr/bin/yum
  3. 06-04-2010 #3
    nujinini
    nujinini is offline
    Linux Engineer nujinini's Avatar
    Join Date
    Apr 2009
    Posts
    1,229
    Hi and Welcome tejama!

    I am not sure if this is what you are looking for but you might want to give it a try too:

    Code:
    su -
password
nano /etc/sudoers
    Which will open this. Notice the Red colored fonts below. Add users (jun) under ROOT and follow the ALL =(ALL) ALL and I gues the users added can use sudo afterwards.

    Code:
    ## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.

## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands...

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclien$

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe$

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear$
#         You have to run "ssh -t hostname sudo <cmd>".
#
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear$
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COL$
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGE$
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORIT$

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##	user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)	ALL
jun     ALL=(ALL)	ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LO$
    nujinini
    Linux User #489667
  4. 06-04-2010 #4
    coopstah13
    coopstah13 is offline
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    editing the file that way is a really bad idea
  5. 06-04-2010 #5
    hazel
    hazel is offline
    Linux Engineer hazel's Avatar
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    955
    Yeah, you should only use visudo to edit sudoers.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
  6. 06-04-2010 #6
    tejama
    tejama is offline
    Just Joined!
    Join Date
    Apr 2010
    Posts
    2
    Regarding visudo, I Google'd visudo and for any future newbies who read this thread the purpose of using visudo as opposed to a text editor is:

    - visudo does a "sanity" check after edits to check syntax
    - it locks the sudoers file so that only one person can edit the file at a time

    Thanks for the examples guys!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...