In our previous article, we have seen how to configure
1. You have a user ‘
andrew‘ which is a Database Administrator. You want to provide him all access on the Database Server (beta.database_server.com) only, and not on any host.
For the above situation, we can write the ‘sudo‘ line as follows:
andrew beta.database_server.com=(ALL) ALL
2. You have a user ‘mark‘ which is supposed to execute system commands as a user other than root on the same Database Server which is explained above.
For this situation, we can write the ‘sudo‘ line as follows:
andrew beta.database_server.com=(mark) ALL
3. You have a
sudo user ‘tom‘ which is supposed to run command ‘’cat‘ only.
To implement this situation, we can write ‘sudo’ as:
andrew beta.database_server.com=(tom) dog
4. What if the user needs to be granted several commands?
If the number of commands the user wants to run is under 10, we can place all the commands alongside. We can set these commands with white spaces in between them, as shown below:
andrew beta.database_server.com=(cat) /usr/bin/command1 /usr/sbin/command2 /usr/sbin/command3 ...
If this list of command varies to the range, where it is literally impossible to type each command manually then we need to use aliases. Aliases are a Linux utility where a lengthy command or a list of commands can be referred to as a small and easy keywords.
Following are the few alias examples, which can be used in place of entry in ‘
User_Alias ADMINS=tom,jerry,adam user_Alias WEBMASTER=henry,mark
WEBMASTERS WEBSERVERS=(www) APACHE Cmnd_Alias PROC=/bin/kill,/bin/killall, /usr/bin/top
We can also specify System Groups, in place of users, which belongs to that group just suffixing ‘%’ as below:
%apacheadmin WEBSERVERS=(www) APACHE
5. How we can execute a ‘sudo‘ command without entering a password?
We can execute a ‘
kristy ALL=(ALL) NOPASSWD: PROCS
Here the user ‘kristy‘ can execute all the commands aliased under “PROCS”, without entering the
To add the user (adam) to sudo execute the below command as root.
adduser adam sudo
In this way, you can maintain your server security by assigning