Sudo is used for providing access to root (Super admin) commands to non-root users. For example, As an administrator, you want to provide access to restart the webserver to user nick, but he cannot make any changes to its configuration. You can provide sudo access to user nick to do it.

To edit sudo configuration file use:

visudo

The above command will open /etc/sudoers file in an editor. This file is the main configuration file for sudo settings. In the sudoers file, you will get an entry like below. This provides privileges to root user to do anything.

root ALL=(ALL) ALL

Sudores File Syntax

The format of /etc/sudores is as below

user  host:runas  command
  • user – Name of user, Use % sign to specify a group name like %webadmins
  • host – Computer hostnames
  • runas – User for run as, common options are used root or ALL
  • command – One or more root level command

Provide Access to User

Now if you want to provide web server reboot privileges to user nick, add below configuration in the sudoers file

nick  ALL=(root) NOPASSWD: /etc/init.d/httpd restart

NOPASSWD means no verification is required if you leave this out, nick will have to re-enter his own password. Now user nick can restart web server using following command.

sudo /etc/init.d/httpd restart

Provide Access to Group

To provide access to the superuser commands to a group of users. Define the group name started with the % symbol. As per the below example, all the users with group webadmin will have the privilege to execute the command.

%webadmin ALL=(root) /etc/init.d/httpd restart