DEV Community

feng wei
feng wei

Posted on

visudo and /etc/sudoers

It may not be a good idea to grant full root-equivalent privilege to Unix-like OS users. Access should be granted based on actual needs.

You should not edit sudoers directly, by opening it in a text editor. Instead, edit it with visudo, which will verify its validity before saving the changes to disk.

/etc/sudoers


Host alias specification

User alias specification

Cmnd alias specification

User privilege specification

root ALL=(ALL:ALL) ALL

Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL


Here, "root ALL=(ALL:ALL) ALL" states that the user root, logged in to any hostname, may run, as a user or group, any command. The general form of this directive is:

user hostname=(run-as-user:run-as-group) command

The special word ALL may be used for any of these values and means that any are allowed.

hope myhost=(mysqluser:mysqlusers) mysqldump

User hope, when logged in to host myhost, may run the command mysqldump as user mysqluser or a member of group mysqlusers. For example, this directive would allow user hope to run this command:

sudo -u mysqluser -g mysqlusers mysqldump

Image of Timescale

Timescale – the developer's data platform for modern apps, built on PostgreSQL

Timescale Cloud is PostgreSQL optimized for speed, scale, and performance. Over 3 million IoT, AI, crypto, and dev tool apps are powered by Timescale. Try it free today! No credit card required.

Try free

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more