Problem Statement
Explain the /etc/sudoers file structure and how to configure granular sudo access. Include examples of different sudo configurations.
Explanation
The /etc/sudoers file controls sudo access and must be edited with the visudo command (never edit it directly: visudo validates the syntax before saving, which prevents a broken file from locking everyone out of sudo). Basic syntax: user host=(runas_user:runas_group) commands. Example: john ALL=(ALL:ALL) ALL gives john full sudo access on all hosts, running any command as any user or group.
User specifications: root ALL=(ALL:ALL) ALL (root has full access), %sudo ALL=(ALL:ALL) ALL (the % prefix denotes a group, so every member of the sudo group has full access), john ALL=(ALL) NOPASSWD: ALL (john does not need a password for sudo), jane ALL=/usr/bin/systemctl,/usr/bin/service (jane can run only these specific commands with sudo, as root, since no runas user is given).
Command aliases simplify management: after Cmnd_Alias SERVICES = /usr/bin/systemctl, /usr/bin/service, the rule john ALL=(root) SERVICES allows john to run the service-management commands as root. User aliases: after User_Alias ADMINS = john, jane, bob, the rule ADMINS ALL=(ALL) ALL gives all three users full access. Host aliases serve multi-host environments: Host_Alias WEBSERVERS = web1, web2.
Advanced configurations: john ALL=(apache) NOPASSWD: /usr/bin/systemctl restart httpd allows john to restart apache as the apache user without a password, which is useful for deployment scripts. Restrict to specific hosts: john WEBSERVERS=(ALL) ALL grants access only on the web servers named in the Host_Alias above. Deny commands: john ALL=(ALL) ALL, !/usr/bin/rm -rf / (a whitelist with a blacklist exception; the exception matches only that exact command and argument string, which is why blacklisting is generally ineffective).
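To make the matching rules above concrete, here is an added Python example (not part of the original answer) that parses a small constructed sudoers fragment and answers "may this user run this command as that user on this host?" using sudo's last-matching-entry semantics; the users, hosts and commands in it are invented.

```python
import re
# Constructed sudoers fragment for this example; not copied from any real host.
SUDOERS = """\
User_Alias ADMINS = jane, bob
Cmnd_Alias SERVICES = /usr/bin/systemctl, /usr/bin/service
Host_Alias WEBSERVERS = web1, web2
%sudo ALL=(ALL:ALL) ALL
ADMINS ALL=(root) SERVICES
john WEBSERVERS=(apache) NOPASSWD: /usr/bin/systemctl restart httpd
dave ALL=(ALL) ALL, !/usr/bin/rm -rf /
"""

ALIAS = re.compile(r"^(?:User|Cmnd|Host)_Alias\s+(\w+)\s*=\s*(.+)$")
# users  host = (runas_user[:runas_group])  [NOPASSWD:]  command, command, ...
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\))?\s*(NOPASSWD:)?\s*(.+)$")


def parse(text):
    """Return rules as (users, hosts, runas_user, nopasswd, commands) tuples."""
    aliases, rules = {}, []          # all three alias kinds share one namespace here
    for line in (ln.strip() for ln in text.splitlines() if ln.strip() and not ln.strip().startswith(("#", "Defaults"))):
        if m := ALIAS.match(line):
            aliases[m[1]] = [t.strip() for t in m[2].split(",")]
        elif m := SPEC.match(line):
            runas = (m[3] or "root").split(":")[0]     # no (runas) means root only
            cmds = [c for x in m[5].split(",") for c in aliases.get(x.strip(), [x.strip()])]
            rules.append((aliases.get(m[1], [m[1]]), aliases.get(m[2], [m[2]]),
                          runas, bool(m[4]), cmds))
    return rules


def cmd_matches(rule_cmd, cmd):
    """ALL matches anything; a bare path matches any args; listed args must match exactly."""
    if rule_cmd == "ALL":
        return True
    rule_path, _, rule_args = rule_cmd.partition(" ")
    path, _, args = cmd.partition(" ")
    return path == rule_path and (not rule_args or args == rule_args)


def may_run(rules, user, groups, host, runas, cmd):
    """Return 'nopasswd', 'passwd' or None (denied); the last matching entry wins."""
    verdict = None
    for users, hosts, ru, nopasswd, cmds in rules:
        if not (user in users or any("%" + g in users for g in groups)):
            continue
        if ("ALL" not in hosts and host not in hosts) or ru not in (runas, "ALL"):
            continue
        for c in cmds:          # a '!' entry denies only the exact form it spells out
            if cmd_matches(c.lstrip("!"), cmd):
                verdict = None if c.startswith("!") else ("nopasswd" if nopasswd else "passwd")
    return verdict
```

For example, may_run(parse(SUDOERS), "john", [], "web1", "apache", "/usr/bin/systemctl restart httpd") returns "nopasswd", while the same request on host db1 or with runas root returns None.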
Best practices: always use visudo (syntax checking), prefer groups over individual users (easier management), use NOPASSWD sparingly (it removes the password check, so a compromised session gets its privileges for free), be specific with full command paths (prevents PATH manipulation), validate command arguments where possible, include the sudoers.d directory (#includedir /etc/sudoers.d, written @includedir in sudo 1.9.1 and later) for modular configuration, test sudo rules thoroughly (sudo -l lists a user's effective rules and visudo -c checks the files for syntax errors), and document why each rule exists. Regular audits prevent permission creep.