DEV Community

Aryan Vaishnani

Sudoers Configuration in Linux

The sudoers configuration controls:

  1. Who can use sudo
  2. Which commands users can run
  3. Security and privilege management

Main configuration file:

/etc/sudoers

What is sudo?

sudo means:

Super User DO

Allows normal users to run commands with elevated privileges.

Example:

sudo apt update

Sudoers File

Main file:

/etc/sudoers

Important Rule

Never edit this file directly with a normal editor.

Wrong:

vim /etc/sudoers

Correct:

sudo visudo

visudo checks the syntax before saving, so a syntax error is caught before it can break sudo.

Basic sudoers Syntax

Example:

aryan ALL=(ALL:ALL) ALL

Meaning

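| Part | Meaning |
|---|---|
| aryan | Username the rule applies to |
| ALL (before =) | Any host |
| (ALL:ALL) | May run commands as any user and any group |
| ALL (last) | Any command |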

Give Full sudo Access

Add User to sudo Group

Ubuntu/Debian:

sudo usermod -aG sudo devuser

RHEL/CentOS:

sudo usermod -aG wheel devuser

Check sudo Access

sudo -l

Allow Specific Command Only

Example:

devuser ALL=(ALL) /bin/systemctl restart nginx

The user can run only this exact command, so they can restart nginx and nothing else.

Real-World Usage

Used in:

  1. Automation servers
  2. CI/CD pipelines
  3. DevOps scripts

Safer Passwordless Example

jenkins ALL=(ALL) NOPASSWD: /usr/bin/docker

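Allows only Docker commands, without a password prompt. Because no arguments are listed, every docker subcommand is permitted, and control of the Docker daemon is equivalent to root on the host, so list the exact subcommands the job needs where possible.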

Sudoers Include Directory

Additional configs are stored in:

/etc/sudoers.d/

Example

sudo visudo -f /etc/sudoers.d/devops

Add:

devops ALL=(ALL) ALL

Why /etc/sudoers.d/ is Preferred

  1. Cleaner configuration
  2. Easier management
  3. Safer during updates

Common sudoers Aliases

User Alias

User_Alias DEVOPS = aryan,devuser

Command Alias

Cmnd_Alias SERVICES = /bin/systemctl restart nginx

Example Combined Rule

DEVOPS ALL=(ALL) SERVICES

Real-World DevOps Example

Kubernetes Admin Access

devops ALL=(ALL) NOPASSWD: /usr/bin/kubectl

Restrict Dangerous Commands

Example:

devuser ALL=(ALL) ALL, !/bin/rm

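Blocks:

sudo rm

The sudoers manual warns that subtracting commands from ALL with ! is generally not an effective restriction. Prefer a rule that lists only the commands the user needs.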

Check sudo Logs

Ubuntu/Debian:

cat /var/log/auth.log

RHEL/CentOS:

cat /var/log/secure

Real-World Security Importance

Improper sudo configuration can cause:

  1. Root privilege escalation
  2. Server compromise
  3. Unauthorized access

Best Practices

  1. Use visudo only
  2. Follow the principle of least privilege
  3. Avoid unrestricted NOPASSWD
  4. Use /etc/sudoers.d/ for custom configs
  5. Audit sudo access regularly
  6. Log and monitor sudo activity
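
To make "Audit sudo access regularly" concrete, here is an added example (not from the original post) that scans sudoers-style rules for three patterns covered above: NOPASSWD on ALL, `!` subtracted from ALL, and a NOPASSWD command with no argument restriction. The sample rules, the `ci` user and the finding codes are constructed for illustration.

```python
import re

# Constructed sample built from the rules shown in this article, plus one
# unrestricted NOPASSWD rule ("ci") added for illustration.
SAMPLE = """\
User_Alias DEVOPS = aryan,devuser
Cmnd_Alias SERVICES = /bin/systemctl restart nginx
aryan ALL=(ALL:ALL) ALL
DEVOPS ALL=(ALL) SERVICES
jenkins ALL=(ALL) NOPASSWD: /usr/bin/docker
devuser ALL=(ALL) ALL, !/bin/rm
ci ALL=(ALL) NOPASSWD: ALL
"""

MESSAGES = {
    "nopasswd-all": "NOPASSWD on ALL commands (unrestricted passwordless root)",
    "negation-from-all": "'!' subtracted from ALL; sudoers(5) says this is not an effective restriction",
    "nopasswd-any-args": "NOPASSWD command listed without arguments, so any arguments are allowed",
}
# user  host = (runas) spec ; the (runas) part is optional
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
NOT_RULES = ("#", "@", "Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")

def audit(text):
    """Return (line_number, who, code) for each rule that deserves manual review.

    Simplified: aliases are not expanded and backslash continuations are not joined.
    """
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = None if line.startswith(NOT_RULES) else RULE.match(line)
        if not match:
            continue
        who, spec = match.groups()
        nopasswd = "NOPASSWD:" in spec
        # Drop tags such as NOPASSWD: and split the remaining command list.
        commands = [c.strip() for c in re.sub(r"\b[A-Z_]+:\s*", "", spec).split(",")]
        if "ALL" in commands and nopasswd:
            findings.append((number, who, "nopasswd-all"))
        if "ALL" in commands and any(c.startswith("!") for c in commands):
            findings.append((number, who, "negation-from-all"))
        if nopasswd and any(c.startswith("/") and " " not in c for c in commands):
            findings.append((number, who, "nopasswd-any-args"))
    return findings

if __name__ == "__main__":
    for number, who, code in audit(SAMPLE):
        print(f"line {number}: {who}: {MESSAGES[code]}")
```

Point it at the text of /etc/sudoers and each file in /etc/sudoers.d/ (read as root), then review every finding by hand against `sudo -l -U <user>`.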
