Sudo: Running commands as root without being root

Introduction link

Sudo is frequently used and very practical because it allows occasional execution of commands as root without being logged in as root. It has several security options for usage.

Installation link

It’s super simple as usual:

  apt-get install sudo
  

Configuration link

Edit the /etc/sudoers file and adapt according to your needs…

Give all rights to a person link

Warning: this operation is equivalent to giving all root rights to a person. They will be able to change the root password, see everything, delete everything. If you wish to apply this type of rights, add this:

  username    ALL=(ALL) ALL
  

Replace username with the name of the user in question.

Allow only one application to be run as root link

If, for example, a user needs to be root to perform a recurring task, which is (most of the time) a script that will run in the background, there should not be a password request, otherwise it cannot execute. This is why you should do it like this:

  username ALL=NOPASSWD: /my/script.sh
  

Put the username at the beginning, then the script or command that this user will have the right to run. You can even put arguments to force the user to use this command only with certain arguments.

Multiple authorizations link

To combine authorizations, simply put a comma:

  username ALL=(ALL) ALL, NOPASSWD: /my/script.sh
  

Usage link

Once a person has the rights, just use sudo, followed by the command:

  username@machine $ sudo /my/script.sh
  

Get the list of available commands link

Here I’m checking the properties for user pmavro:

  $ sudo -l
[sudo] password for pmavro: 
User pmavro may run the following commands on this host:
    (ALL) ALL