sudo command is required when executing a command with some other user’s permission. Other user can either be root or else. Why we need to execute command with root’s permission? There are some commands that do some change in the system which are dangerous and can bring the system down, only root has such permissions.
WITH GREAT POWER COMES GREAT RESPONSIBILITY!
One can also switch user via su command and then execute the desired command but sudo is much more secure than su. Commands (along with arguments) executed with sudo are logged in a file. For Red Hat distros, /var/log/secure saves all the logs and for debian based, its /var/log/auth.log.
The file /etc/sudoers can be edited for configuring sudo and giving privileges to individual users or group of users.
Setting up sudo
For an individual user
Syntax for allowing an individual user (here Ayush) is:
ayush ALL=(ALL) ALL
“ayush” here is username of the user you want to allow
“ALL” specifies that sudo is accessible from all terminals
“(ALL)” specifies all users
“ALL” for all commands
For a group
Entry in sudoers file goes like:
%linuxstall ALL=(ALL) ALL
“linuxstall” can be replaced by the name of group.
Execute commands as root
Once the sudoers file is all set, you can now execute commands as root. For an instance, mount command can only be executed by root, but things go well with sudo.
sudo mount /dev/sda1 /mnt
Use sudo command on the fly while editing in vim
There are some files that only root can save (say /etc/group) but having sudo in hand, it can be done as follows:
sudo vim /etc/group
But, if you have opened the file as a normal user and wish to save but unable as only root can do that- sudo is your friend:
:w !sudo tee %
Above command will the save the file for you as a root even when you didn’t use it while opening. sudo just doesn’t mind!
If a user is not listed in sudoers file and tries to use sudo, admin will be notified by making a log entry and user will get following error:
<user> is not in the sudoers file. This incident will be reported.