Uly.me

cloud engineer

  • Home
  • About
  • Archives
Home/Archives for sudoers

February 25, 2020

Wheel Group

Here’s an alternate way to give Linux users sudo access by adding them to the wheel group. Most Linux systems come with the wheel group already predefined. By adding users to the wheel group, they now have the ability to sudo and run root commands. The wheel group is in the sudoers file for Redhat, Centos, Debian and Ubuntu.

usermod -aG wheel username

usermod -aG wheel username

July 7, 2019

Sudo With No Password

If you’re the only user on your system, you don’t need to be prompted every time you run the sudo command.

Add yourself to the sudoers file.

# create a new file
sudo visudo -f /etc/sudoers.d/users

# create a new file sudo visudo -f /etc/sudoers.d/users

Add this line.

# add your username
username ALL=(ALL) NOPASSWD:ALL

# add your username username ALL=(ALL) NOPASSWD:ALL

Exit and try again.

# exit out and login again
exit
# try to sudo again
sudo -i
# there's no password prompt for sudo this time

# exit out and login again exit # try to sudo again sudo -i # there's no password prompt for sudo this time

April 8, 2019

Sudoers Directory

What’s in the /etc/sudoers.d/ directory? It’s a group of files with the following format as displayed in the code below. In the example, the file allows a Linux group or an AD group to assume the role of root, via the sudo command. As long as the group uses the correct format, and is located inside the /etc/sudoers.d/ directory, that group will have access to root.

%groupname  ALL=(ALL)   NOPASSWD: ALL

%groupname ALL=(ALL) NOPASSWD: ALL

December 21, 2017

Sudoers

The /etc/sudoers file gives users the ability to run commands that are typically reserved for administrators. The commands require a password or no password, depending on how you set them up in the sudoers file. The sudoers file can’t be edited using any text editor. You have to use visudo.

$ visudo

$ visudo

Add groups to access sudo.

# Allow users in techgroup to run all commands
%techgroup   ALL=(ALL)   NOPASSWD: ALL
# Allow users in techgroup without a password
%techgroup   ALL=(ALL)   NOPASSWD: ALL
# Allow users in techgroup to shutdown the system
%techgroup   localhost=/sbin/shutdown -h now
#includedir /etc/sudoers.d

# Allow users in techgroup to run all commands %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup without a password %techgroup ALL=(ALL) NOPASSWD: ALL # Allow users in techgroup to shutdown the system %techgroup localhost=/sbin/shutdown -h now #includedir /etc/sudoers.d

Typically you have to add your groups in the sudoers file. Notice the last line. Sudoers will include config files found under the /etc/sudoers.d directory. In certain circumstances, there are others pieces of software such as compliance software CFEngine that writes over changes in the sudoers file. If this is the case, then you have to add your groups in a file inside the /etc/sudoers.d directory.

  • Cloud
  • Linux
  • Git

Copyright © 2012–2021