In our previous article, we saw how to configure a sudo user in Linux. Here we are going to look at some situations and their corresponding 'sudo' line configurations. This will help you allow a sudo user to run specific system commands. So, let's get started:

1. You have a user 'andrew' who is a Database Administrator. You want to give him full access on the Database Server (beta.database_server.com) only, and not on any other host.

For the above situation, we can write the 'sudo' line as follows:

andrew beta.database_server.com=(ALL) ALL

2. You have a user 'mark' who is supposed to execute system commands as a user other than root on the same Database Server described above.

For this situation, we can write the 'sudo' line as follows; the name in parentheses is the account the commands run as:

andrew beta.database_server.com=(mark) ALL

3. You have a sudo user 'tom' who is supposed to run the command 'cat' only.

To implement this situation, we can write the 'sudo' line as follows (a command must be given by its full path):

andrew beta.database_server.com=(tom) /bin/cat

4. What if the user needs to be granted several commands?

If the number of commands the user needs to run is under 10, we can place all the commands on the same line. A comma separates one command from the next (white space after the comma is fine), as shown below. With white space alone, sudo would read the later paths as arguments of the first command:

andrew beta.database_server.com=(tom) /usr/bin/command1, /usr/sbin/command2, /usr/sbin/command3, ...

If the list of commands grows to the point where it is impractical to type each command manually, then we need to use aliases. Aliases are a feature of the sudoers file where a lengthy list of users, hosts or commands can be referred to by a small and easy keyword.

Following are a few alias examples, which can be used in place of entries in the 'sudo' configuration file.

User_Alias ADMINS=tom,jerry,adam
User_Alias WEBMASTERS=henry,mark
# WEBSERVERS (a Host_Alias) and APACHE (a Cmnd_Alias) must also be defined in the file
WEBMASTERS WEBSERVERS=(www) APACHE
Cmnd_Alias PROCS=/bin/kill,/bin/killall, /usr/bin/top

We can also specify a system group in place of a user, covering every user that belongs to that group, by prefixing the group name with '%' as below:

%apacheadmin WEBSERVERS=(www) APACHE

5. How can we execute a 'sudo' command without entering a password?

We can execute a 'sudo' command without entering a password by using the 'NOPASSWD' flag, as shown in the following sudo line.

kristy ALL=(ALL) NOPASSWD: PROCS

Here the user 'kristy' can execute all the commands aliased under “PROCS”, without entering the password.
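
A small lint pass over rules of the shapes used in items 1 to 5, as an added example (not code from the original article). It flags a command that is not an absolute path, a program path separated from the previous one by white space instead of a comma, a miscased alias keyword, and a Cmnd_Alias that is used but never defined. The function name lint_sudoers and the sample lines are constructed for illustration; it handles only single-line 'user host=(runas) commands' rules and is meant to be run alongside 'visudo -c', not instead of it.

```python
import re

ALIAS_KW = ("User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
# Simplified rule shape: user host-list = (runas) [TAG:] command, command ...
SPEC = re.compile(r"^\S+\s+.+?=\s*(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*(.*)$")

def lint_sudoers(text):
    """Return [(line_no, message)] for mistakes in a sudoers fragment."""
    lines = [ln.strip() for ln in text.splitlines()]
    defined = set(re.findall(r"^\s*Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=", text, re.M))
    findings = []
    for no, line in enumerate(lines, 1):
        first = line.split()[0] if line else "#"
        if first.startswith(("#", "Defaults")) or first in ALIAS_KW:
            continue
        if first.lower() in [k.lower() for k in ALIAS_KW]:
            findings.append((no, f"'{first}': alias keywords are case-sensitive"))
            continue
        spec = SPEC.match(line)
        if not spec:
            findings.append((no, "not a 'user host=(runas) commands' rule"))
            continue
        for cmd in spec.group(1).split(","):
            words = cmd.strip().lstrip("!").split() or [""]
            if words[0] in ("ALL", "sudoedit") or words[0] in defined:
                continue
            if re.fullmatch(r"[A-Z][A-Z0-9_]*", words[0]):
                findings.append((no, f"Cmnd_Alias '{words[0]}' is not defined"))
            elif not words[0].startswith("/"):
                findings.append((no, f"'{words[0]}' is not an absolute path"))
            # Heuristic: sudo parses a path after white space as an ARGUMENT, not a command.
            for arg in words[1:]:
                if re.match(r"/(usr/)?s?bin/", arg):
                    findings.append((no, f"'{arg}' is an argument of {words[0]}, "
                                         "not a command; use commas"))
    return findings

# Constructed sample input, modelled on the kinds of lines used in this article.
SAMPLE = """\
Cmnd_Alias PROCS=/bin/kill,/bin/killall, /usr/bin/top
user_Alias WEBMASTERS=henry,mark
andrew beta.database_server.com=(tom) cat
andrew beta.database_server.com=(tom) /usr/bin/command1 /usr/sbin/command2
kristy ALL=(ALL) NOPASSWD: PROCS
%apacheadmin WEBSERVERS=(www) APACHE
"""

if __name__ == "__main__":
    print(*(f"line {n}: {m}" for n, m in lint_sudoers(SAMPLE)), sep="\n")
```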

Configuring sudo is easy. Some Linux distributions have “sudo” enabled by default, while most of today's Linux distros require you to enable it, as a security measure.

To add the user (adam) to the sudo group, execute the command below as root.

adduser adam sudo

In this way, you can maintain your server security by assigning sudo access to other users to whom you want to grant specific system access.
