[sudoers]How-to edit '/etc/sudoers'?
Hello,
May i ask that: #1: How-to edit '/etc/sudoers'(aka 'sudo' Policy) file if: The 'root' user want a nonRoot user 'bh0laJi' to be able to execute "/bin/shutdown -h now" and a script '/bin/rdshft.sh', and nothing else as 'sudo'. #2: What does each of the 'ALL' in "ALL=(ALL:ALL) ALL" mean? Distribution: Debian+, ArchLinux... Thanking you... |
edit sudo with visudo and test your results at once.
Plenty of examples online. It's very fussy on syntax, spacing, etc. |
Quote:
In all seriousness, do remember to test your changes in another window before closing your editor session. The manual page for sudoers is a bit overwhelming, see "man sudoers" anyway. In ALL=(ALL:ALL), the first part before the equal sign refers to the FQDN of the systems in question. The parts inside the parenthesis are the use and group one may switch to. Often people write (ALL:ALL) when they really mean (root:root) instead. You might look at the second edition of sudo Mastery by Michael W Lucas for an excellent explanation of all the capabilities. He also did a presentation which is preserved in Youtube as sudo: You're Doing It Wrong, along with accompanying slides somewhere. However the book is better. Then for your first question: Quote:
Code:
%bh0laJi ALL=(root:root) /bin/shutdown -h now, /bin/rdshft.sh "" Code:
%bh0laJi ALL=(root:root) /bin/shutdown, /bin/rdshft.sh "" |
Three ways exist to edit the sudoers file:
1) visudo 2) sudoedit 3) plain text editor, which I would strongly discourage unless you know what you're doing I personally am in the habit of using sudoedit because I have a list of text files specified as needing privileged access to modify and sudoedit does the job nicely, without having to switch between apps. |
All times are GMT -5. The time now is 07:34 AM. |