Welcome to the most active Linux Forum on the web.
Go Back > Blogs > Debian, This That and the Other
User Name


Over several years of using Linux distros (Debian happens to be my fave) and BSDs for my primary computing, I've picked up the odd piece of useful info.
Rate this Entry

Set that sudo up.

Posted 09-29-2009 at 08:54 PM by ofaring
Updated 12-06-2009 at 10:24 AM by ofaring

This isn't a howto but rather a basic example on setting up "sudo".

Sudo is an excellent tool to aid your pursuit of security and unnecessary root usage. Regardless of what certain individuals will say, and unfortunately some of them even put distros together, using the root account all the time is begging for trouble. So...

Is it already installed on your Debian system? While you might be using aptitude or synaptic, my preference is for apt-get.
% dpkg -l | grep -i sudo
Not there?
# apt-get install sudo
I love Debian.

In order to modify /etc/sudoers, you need to use visudo (as root, obviously) instead of your normal text editor. Here is an example from my /etc/sudoers file.
# /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
# See the man page for details on how to write a sudoers file.

Defaults	env_reset

# User privilege specification
root	ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%operator ALL=(root) NOPASSWD: /sbin/shutdown
%operator ALL=(root) NOPASSWD: /sbin/halt
%operator ALL=(root) NOPASSWD: /sbin/reboot
%operator ALL=(root) NOPASSWD: /usr/sbin/hibernate
%operator ALL=(root) NOPASSWD: /usr/sbin/hddtemp
%operator ALL=(root) NOPASSWD: /bin/mount
%operator ALL=(root) NOPASSWD: /bin/umount
%operator ALL=(root) NOPASSWD: /sbin/ifup
%operator ALL=(root) NOPASSWD: /sbin/ifdown
%operator ALL=(root) NOPASSWD: /usr/sbin/ntpdate-debian
While you can modify as you like, I've added myself to the operator group. There are different ways of doing this. You can use the usermod command like so:
# usermod -a -G operator your_user_name
If you have ZSH installed and configured decently, try:
# usermod -a -G o<tab> <first letter of user name><tab>
That's how I roll, baby.
Or you could carefully modify /etc/group as root with your fave editor. If the group doesn't exist you can add it (man 8 groupadd), or choose another relevant group such as "sudo" or "staff", or put your own username in place of "operator" - not forgetting the percent symbol.

Voila! All sorts of wonderful things are available to your regular user/s without having to use root.
Posted in Examples
Views 2619 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 11:31 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration