Granting sudo Permissions
Linux has a robust permissions system. This way, you can control who can access certain files or perform certain actions on your server. Average users won’t need to have all the privileges of the root user. But sometimes a normal user will need elevated permissions to do something. They can do this, if allowed, using the sudo command.
The sudo command allows a user to run commands as if they were the root user. Depending on how your server is set up, root-only privileges could include restarting services, adding and deleting new users, or installing programs. To use the sudo command, a user simply types “sudo” in the command line prompt, followed by the command they need root permissions to run.
For example:
sudo service httpd restart
will restart Apache.
Giving a user sudo permissions will allow them to use their own password to act as the root user. Use caution when assigning sudo permissions to multiple users as root level users can make changes that can effect the server as a whole.
To give a user rights to use sudo, you need to edit a file called sudoers.
- Run the following to open an editor on the /etc/sudoers file (it shouldn’t be edited normally)
visudo
- There are multiple ways from here, choose either the user or group method. Group method is generally preferred.
[edit]group
- Uncomment the following line, to give users in the group ‘wheel’ sudo access, and save the file.
%wheel ALL=(ALL) ALL
- Add a user to the wheel group:
usermod -a -G wheel user
[edit]user - Add a line to visudo like the following (similar to the ‘root’ line), and save the file.
user ALL=(ALL) ALL
[edit]test - su to the user and test it out.
su user
sudo whoami
These instructions will let you give sudo permissions to users individually.