Linux User Permissions & Sudo Access
Introduction
This guide explains how to manage user privileges in Linux, including sudo access and the sudoers file.
Sudo Access
Users with sudo access can run commands as root.
Granting Sudo Access
Add the user to the sudo group:
    usermod -aG sudo username
The Sudoers File
The sudoers file is located at /etc/sudoers. Use visudo to edit it safely: it checks the syntax before saving.
In the sudoers file, you will find entries like:
    username ALL=(ALL:ALL) ALL
        ^     ^    ^   ^    ^
        |     |    |   |    |
        |     |    |   |    └─ What
        |     |    |   └────── As group (not mandatory)
        |     |    └────────── As user
        |     └─────────────── Where
        └───────────────────── Who
- Who: The user or group this entry applies to (a group is written with % in front of its name, like: %groupname).
- Where: The machine(s) this right applies on.
- As user: The user that the user or group is allowed to sudo into. (Commands will appear to be run by the account that was sudoed into.)
- As group: Same as As user, except now for a group that the user or group is allowed to sudo as.
- What: What commands the user or group can run.
Example:
    alice ALL=(bob) /usr/bin/systemctl, /usr/bin/reboot
Here alice is allowed to use the systemctl and reboot commands on all machines as bob.
    %sales ALL=(marketing_spectator) NOPASSWD: /usr/bin/cat
Here, all users in the sales group are allowed to run cat as the marketing_spectator user on all machines, without entering a password.
Note: Avoid giving full sudo access unless absolutely necessary.
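The advice above about avoiding full sudo access can be turned into a review check. The script below is an added example, not part of the original guide: it reads entries in the one-line form described above and reports rules that grant every command as root or that skip the password prompt. The function names, the finding labels and the carol rule in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): flag risky sudoers rules.
# Parses only the one-line form: who where=(as_user:as_group) [NOPASSWD:] what
# Comments, includes, Defaults and *_Alias lines are skipped, not interpreted.

audit_sudoers() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#@]/ || /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
    {
        eq = index($0, "=")
        if (!eq) next
        who = $1
        rhs = substr($0, eq + 1)
        sub(/^[ \t]+/, "", rhs); sub(/[ \t]+$/, "", rhs)
        as_user = "root"                 # no (runas) part means the rule runs as root
        if (substr(rhs, 1, 1) == "(") {
            rp = index(rhs, ")")
            if (!rp) next                # malformed, leave it to visudo -c
            split(substr(rhs, 2, rp - 2), runas, ":")
            as_user = runas[1]
            rhs = substr(rhs, rp + 1)
            sub(/^[ \t]+/, "", rhs)
        }
        nopass = (rhs ~ /NOPASSWD:/)
        gsub(/(NO)?PASSWD:[ \t]*/, "", rhs)   # drop the tag, keep the commands
        full = 0
        n = split(rhs, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (cmd[i] == "ALL") full = 1
        if (full && (as_user == "ALL" || as_user == "root"))
            print "FULL_ROOT", who
        if (nopass)
            print "NOPASSWD", who, "as=" as_user, "what=" rhs
    }'
}

sample_sudoers() {
    cat <<'EOF'
# constructed sample: the two rules from this guide plus three broad ones
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(bob) /usr/bin/systemctl, /usr/bin/reboot
%sales  ALL=(marketing_spectator) NOPASSWD: /usr/bin/cat
carol   ALL=(ALL) NOPASSWD: ALL
EOF
}

sample_sudoers | audit_sudoers
```

On a real system, feed it the rule files as root, for example `cat /etc/sudoers | audit_sudoers`; aliases and multi-line rules still need a manual read.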
Common groups and their permissions.
sudo: Has full root access on a machine.
adm: Members can read system logs in the /var/log directory.
wheel: Is a group that gives root privileges in some Linux distributions.
To see the permissions of the current user, you can issue the sudo -l command.