
The sudoers File

In this lesson, we will explore how to delegate administrative privileges using the sudo command and how to manage sudo permissions through the /etc/sudoers file. This will enable us to run commands as another user, typically the superuser, which is essential for performing system administrative tasks.

Let's take a look at our john_doe user if he tries to run the sudo command:

Bash
john_doe@ip-10-0-7-219:/home/iacadmin$ sudo whoami
# [sudo] password for john_doe:
# john_doe is not in the sudoers file. This incident will be reported.

We can see that the user was unable to run the sudo command because they are not in the sudoers file. In this lesson, you will learn how to fix this issue.

Understanding the Sudoers File

The /etc/sudoers file is a crucial configuration file that specifies which users and groups can run what commands on which hosts, and as which users. It's a central part of the sudo system and requires careful editing to ensure system security and functionality.

Syntax of the Sudoers File

The syntax for entries in the /etc/sudoers file is as follows:

user host=(run_as_user:run_as_group) commands

Here's a breakdown of the syntax user host=(run_as_user:run_as_group) commands:

  1. user :
    • This is the username of the individual who is being granted permissions. This could also be a %group if you are specifying a user group instead of an individual user.
  2. host :
    • This specifies the hostname or hostnames on which this rule applies. This allows for host-specific rules in environments where the /etc/sudoers file is shared across multiple machines.
  3. (run_as_user:run_as_group) :
    • This part specifies the user and/or group that the commands can be executed as.
    • run_as_user: The username that the user is allowed to switch to.
    • run_as_group: The group name that the user is allowed to switch to.
    • If either…
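
The entry syntax broken down above, as an added example that is not part of the original lesson: a small Python parser that splits single-line rules into the fields described and flags entries that allow any command, as any user, on any host. The sample rules, the names `parse_rule`, `is_unrestricted` and `audit`, and the handling of an omitted run-as part (taken from the sudoers manual) are assumptions of this example; aliases, tags and line continuations are not handled.

```python
import re
from typing import List, NamedTuple, Optional

# user host=(run_as_user:run_as_group) commands ; the parenthesised part is optional
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")

class SudoRule(NamedTuple):
    who: str                     # user name, or group name when is_group is set
    is_group: bool               # True when the entry was written as %group
    host: str
    run_as_user: Optional[str]
    run_as_group: Optional[str]
    commands: List[str]

def parse_rule(line: str) -> Optional[SudoRule]:
    """Parse one single-line rule; return None for lines that are not rules."""
    line = line.strip()
    first = line.split(None, 1)[0] if line else ""
    if not line or line[0] in "#@" or first.startswith("Defaults") or first.endswith("_Alias"):
        return None              # comments, includes, Defaults and alias definitions
    m = RULE.match(line)
    if m is None:
        raise ValueError(f"not a valid rule: {line!r}")
    if m["runas"] is None:
        user, group = "root", None   # sudoers(5): with no run-as part the target is root
    else:
        user, _, group = (p.strip() or None for p in m["runas"].partition(":"))
    return SudoRule(m["who"].lstrip("%"), m["who"].startswith("%"), m["host"],
                    user, group, [c.strip() for c in m["cmds"].split(",")])

def is_unrestricted(rule: SudoRule) -> bool:
    """True when the rule allows any command, as any user, on any host."""
    return rule.host == "ALL" and rule.run_as_user == "ALL" and rule.commands == ["ALL"]

# Constructed sample input (not taken from the lesson or from a real system).
SAMPLE = """\
# constructed sudoers fragment
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
john_doe ip-10-0-7-219=(root) /usr/bin/whoami, /usr/bin/systemctl restart nginx
backup ALL=(:disk) /usr/bin/dd
deploy ALL=/usr/bin/apt update
"""

def audit(text: str) -> List[SudoRule]:
    """Return the parsed rules from text, skipping non-rule lines."""
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print("UNRESTRICTED" if is_unrestricted(r) else "scoped      ", r)
```

Run against a copy of a sudoers file, the unrestricted entries are the ones to review first, since each is equivalent to full root access for that user or group.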