HostOnNet Blog


Allow User To Execute Programs With Root Privileges

You can use sudo to allow normal users to execute programs with root privileges.

sudo

The default sudo configuration file is /etc/sudoers:

root@hon-pc-01:~# cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

root@hon-pc-01:~# 

It is better not to edit this file. Instead, create a file inside the /etc/sudoers.d folder; files in that folder are included by /etc/sudoers with the directive below (the leading # is part of the directive, not a comment marker):

#includedir /etc/sudoers.d

The sudoers config used on my PC is:

root@hon-pc-01:~# cat /etc/sudoers.d/hostonnet 
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/bin/atop
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/sbin/iotop
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /sbin/cryptsetup
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /bin/mount
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /bin/umount
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/sbin/service apache2 restart
root@hon-pc-01:~# 

This allows me to run these commands with sudo. NOPASSWD means it won’t prompt you for a password. It is good for frequently used commands that do not cause security issues.
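The following is an added example, not part of the original post: a shell function that reads a sudoers drop-in and reports, for each NOPASSWD command, whether the rule fixes the arguments (as the service apache2 restart entry does) or is a bare path, which sudo matches with any arguments. The function names audit_nopasswd and sample_rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify NOPASSWD rules in a
# sudoers drop-in read from stdin. One output line per command:
#   ANY-ARGS  bare path, sudo accepts whatever arguments the user supplies
#   PINNED    fixed argument list ("" means no arguments are allowed)
#   WILDCARD  contains * or ?, so the match is looser than it looks
#   REVIEW    not an absolute path (ALL, a Cmnd_Alias name, another tag)
# Limits: no backslash line continuations, no alias expansion.
audit_nopasswd() {
  awk '
    /^[ \t]*$/ { next }                        # blank line
    /^[ \t]*#/ && !/^[ \t]*#[0-9]/ { next }    # comment; "#1000" is a uid, keep it
    /NOPASSWD:/ {
      sub(/^.*NOPASSWD:[ \t]*/, "")            # keep only the command list
      n = split($0, cmds, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        cmd = cmds[i]
        sub(/[ \t]+$/, "", cmd)
        if (cmd !~ /^\//)        verdict = "REVIEW"
        else if (cmd ~ /[*?]/)   verdict = "WILDCARD"
        else if (cmd ~ /[ \t]/)  verdict = "PINNED"
        else                     verdict = "ANY-ARGS"
        print verdict, cmd
      }
    }'
}

# The drop-in shown in the post, reproduced here as sample input.
sample_rules() {
  cat <<'EOF'
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/bin/atop
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/sbin/iotop
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /sbin/cryptsetup
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /bin/mount
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /bin/umount
MY_USER_NAME_HERE ALL=(root) NOPASSWD: /usr/sbin/service apache2 restart
EOF
}

sample_rules | audit_nopasswd
```

To check a real file, run audit_nopasswd < /etc/sudoers.d/FILE-NAME-HERE as root, and consider pinning the arguments of any ANY-ARGS entry that does not need to be open-ended.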

To edit the file, use a command like:

visudo -f /etc/sudoers.d/FILE-NAME-HERE

Posted in Ubuntu