SlackwareThis Forum is for the discussion of Slackware Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
1. As root, run "visudo" to edit the sudoers file
2. Add a line for the user you want. Most people just do "username ALL=(ALL) ALL" but some would argue this is not what sudo is meant for.
3. Save and quit
As mentioned, the normal way is to use the /usr/sbin/visudo command.
Technically you do not have to use visudo, but the /etc/sudoers file normally has 440 permissions. To manually edit sudoers without visudo requires manually changing the permissions, edit the file, hope you do not make any silly editing mistakes, and then reset the permissions. Do know that sudo complains if the permissions of /etc/sudoers is not 440.
Thus the basic advice is just use visudo. As you can guess from the command name, the default editor that is used is vi. Elvis is the default vi in the stock Slackware. Fortunately, the stock Slackware build script uses the --with-env-editor build option. If you set the EDITOR or VISUAL environment variable to your preferred console text editor, then you will not be forced to use vi to edit the /etc/sudoers list. I use mcedit.
After you have added your user account you might want to update your user's $PATH to include /sbin and /usr/sbin so that you don't have to type the full path for admin commands when running them with sudo
Defaults timestamp_timeout = 0
User_Alias FULL = john
User_Alias PART = mary
Cmnd_Alias KILL = /bin/kill, /bin/killall
Cmnd_Alias HALT = /sbin/reboot, /sbin/halt, \
Cmnd_Alias MOUNT = /bin/mount, /bin/umount
root ALL = (ALL) ALL
FULL ALL = NOPASSWD: KILL, HALT, MOUNT
PART ALL = PASSWD: KILL, HALT, \
As you can see in this case user john has full access to all commands while user mary has restricted access to kill, killall, reboot, halt commands and suspend script (she have to confirm these commands using her password).
Ubuntu and friends totally bastardised/mis-used it making it seem to be the be-all and end-all of user safety/security.
Indeed, I have said this elsewhere but I think it is worth repeating here. For a home desktop/laptop set-up in particular, where typically only one person admins the machine there is no real advantage to sudo.
Consider if I wanted to run the fake command 'example' once as a root user. Here is what I would actually have to type (where $password is my actual password).
(Note: That is '[Ctrl]' and 'd' together to exit the root session, you obviously aren't typing the '+' character)
Ignoring the characters needed that are the same in both cases (i.e. 'example' followed by [Enter] and your password followed by [Enter]), you have to type 5 key presses to execute a single command as root via 'su' (s u [Enter] [Ctrl] d) and 5 key presses to execute a single command as root via 'sudo' (s u d o [space]). Or to put it another way, you save nothing using sudo.
If however you wanted to type two or more commands as root, you immediately start saving on the key presses by using 'su' instead of 'sudo'. Yes the second 'sudo' command does not require a password but as long as you have not closed your root session yet (i.e. no Ctrl+d) you don't have to type your password again with 'su' either and you save having to write 'sudo' for every single line.
There is also the point that outside of distros where 'sudo' is preconfigured (e.g. Ubuntu and derivatives) you save time configuring '/etc/sudoers' and setting up various admin variables for your regular user.
Indeed the other nice thing with using 'su' is that you can just open a root terminal for all your admin needs and you decide if and when you should close it, rather than relying on preconfigured time-out periods with 'sudo'.