Skip to content

This document is a WORK IN PROGRESS.
This is just a quick personal cheat sheet: treat its contents with caution!


sudo

sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.

Reference(s)

Table of contents


Install

# emerge -a app-admin/sudo
# pacman -S sudo
# apt install sudo
# yum install sudo
# dnf install sudo

Config

  • Configure sudo, e.g. to give the user resu the same privileges as root:

    # sudo EDITOR=vi visudo # edit the sudoer file
        > ...
        > # time sudo will remember a password (-1 for infinite):
        > Defaults:resu timestamp_timeout=15
        >
        > # Root privilege specification
        > root ALL=(ALL:ALL) ALL
        >
        > # Members of the admin group may gain root privileges
        > %admin ALL=(ALL) ALL
        >
        > # Allow members of group sudo to execute any command
        > %sudo ALL=(ALL:ALL) ALL
        >
        > # give a user the same privileges as root:
        > resu ALL=(ALL) ALL
        > ...
    

  • Add a user to the sudo group

    $ su
    # grep "sudo" /etc/group || groupadd sudo # create the sudo group if it doesn't exists
    # usermod -a -G sudo resu # add "resu" to sudo group ("resu" will have to logout and log back in)
    # exit
    

  • Print the current sudo configuration:

    $ sudo -ll
    $ sudo -lU resu # print sudo config for a specific user
    

  • Give a user sudo rights, without password check, for a specific directory (e.g. ~/bin/):

    $ sudo EDITOR=vi visudo
        > ...
        > resu ALL=(ALL) ALL
      + > resu ALL=(ALL) NOPASSWD: /home/resu/bin/*
        > ...
    

  • Give a user sudo rights, without password check, anywhere:

    $ sudo EDITOR=vi visudo
        > ...
      ~ > resu ALL=(ALL) NOPASSWD: ALL
        > ...
    


Use

Now sudo can be prepend to any command in order for this command to be executed as root.

  • Create a file as root:

    $ sudo touch /tmp/test
    

  • Enter the root shell as if you logged in with the root user:

    $ sudo -i
    


If this cheat sheet has been useful to you, then please consider leaving a star here.