The sudoers file.

dos2unix


Understanding the sudoers File in Linux

The sudoers file in Linux is a configuration file that controls the sudo command, which allows users to execute commands with superuser privileges. This file is typically located at /etc/sudoers and should be edited using the visudo command to ensure syntax correctness.

Basic Syntax

The basic syntax of the sudoers file is as follows:

user host = (runas) command

  • user: The username or group name.
  • host: The hostname where the rule applies.
  • runas: The user as whom the command will be run.
  • command: The command that can be executed.

Examples

  1. Group Example
    To allow all members of the admin group to execute any command as any user:
    Code:
    %admin ALL=(ALL) ALL
  2. User in a Group Example
    To allow a specific user, john, who is part of the admin group, to execute any command:
    Code:
    john ALL=(ALL) ALL
  3. Single User Example
    To allow a single user, alice, to execute any command:
    Code:
    alice ALL=(ALL) ALL
  4. Single User with NOPASSWD Option
    To allow bob to execute any command without being prompted for a password:
    Code:
    bob ALL=(ALL) NOPASSWD: ALL
  5. User with Limited Command Access
    To allow dave to run only apt-get update and apt-get upgrade as root:
    Code:
    dave ALL=(ALL) /usr/bin/apt-get update, /usr/bin/apt-get upgrade

Using the visudo Command

The visudo command is used to safely edit the sudoers file. It locks the file to prevent simultaneous edits, performs syntax checks, and ensures that the file is not corrupted.

To edit the sudoers file, use:

Code:
sudo visudo

This command opens the sudoers file in the default text editor (usually vi or nano). After making changes, visudo will validate the syntax before saving.

Listing User Privileges with sudo -l

To see what privileges a user has, you can use the sudo -l command. This command lists the allowed and forbidden commands for the invoking user.

To list your own privileges, use:

Code:
sudo -l

To list the privileges of another user, use:

Code:
sudo -l -U username

Difference Between su and sudo

Both su and sudo are used to execute commands with elevated privileges, but they work differently:

  • su (substitute user): Switches to another user account, typically the root account, and requires the target user's password. For example, su - switches to the root user and loads the root user's environment variables.
  • sudo (superuser do): Executes a single command with superuser privileges and requires the current user's password. It is safer as it grants elevated privileges only for the specified command.

The su - Option

Using su - (or su --login) switches to the target user's environment as if they had logged in directly. This includes setting environment variables such as HOME, SHELL, USER, and LOGNAME, and changing to the target user's home directory.
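
An added example, not part of the original post: a small Python audit of the single-line rule form described above that reports, per rule, whether it grants any command, skips the password prompt, or allows any target user. The function names and the simplified grammar (no aliases, line continuations or per-command tags) are assumptions of this example; visudo -c remains the authority on whether a file is valid.

```python
import re

# Simplified single-line form from the post: user host = (runas) [TAG:] cmd[, cmd]
# Assumption: no aliases, line continuations or per-command tags.
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"
    r"(?P<cmds>.+)$"
)

def parse_rule(line):
    """Parse one user rule; return None for comments, directives and aliases."""
    line = line.strip()
    m = RULE.match(line)
    if m is None or line.startswith(("#", "@include", "Defaults")) or "_Alias" in m["who"]:
        return None
    return {
        "who": m["who"],
        "runas": (m["runas"] or "root").strip(),  # sudo runs as root when (runas) is omitted
        "tags": [t.strip() for t in m["tags"].split(":") if t.strip()],
        "commands": [c.strip() for c in m["cmds"].split(",")],
    }

def audit(text):
    """Return (line_number, who, findings) for every user rule in the text."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        if (rule := parse_rule(line)) is None:
            continue
        findings = []
        if "ALL" in rule["commands"]:
            findings.append("any command")
        if "NOPASSWD" in rule["tags"]:
            findings.append("no password prompt")
        if "ALL" in re.split(r"[\s,:]+", rule["runas"]):
            findings.append("any target user")
        report.append((n, rule["who"], findings))
    return report
# Constructed input: the five example rules from the post.
SAMPLE = (
    "%admin ALL=(ALL) ALL\njohn ALL=(ALL) ALL\nalice ALL=(ALL) ALL\n"
    "bob ALL=(ALL) NOPASSWD: ALL\n"
    "dave ALL=(ALL) /usr/bin/apt-get update, /usr/bin/apt-get upgrade\n"
)

if __name__ == "__main__":
    for n, who, findings in audit(SAMPLE):
        print(f"line {n}: {who}: {', '.join(findings) or 'ok'}")
```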
 


I don't think it will do it automatically; upon saving changes with visudo, you have to run sudo visudo -c to check validity.

Mine doesn't show me my mistakes in real time, but it doesn't let me save the file.
I get an ambiguous "error on line 13" error. What error? What kind of error? Not very helpful sometimes.

Code:
root@nuc1:~# visudo -c
/etc/sudoers: parsed OK

Code:
root@nuc1:~# visudo
/etc/sudoers:121:26: Host_Alias "SUM" referenced but not defined
 

