Sudoers file in Unix
With sudoers, users can be granted the right to run commands as the root user without needing the root password; they only need to enter their own password. So if this is not done correctly, misconfigured users or groups in sudoers may be god-like.
When you issue a “sudo” or “su” command, Linux checks a special file called the “sudoers” file (or LDAP) to see whether you are allowed to be granted root privileges. If your name is not on the list, you get no rights. If you don’t have sudo privileges, you may have to manually add your username to the sudoers file. You can find the sudoers file at “/etc/sudoers”.
Policy syntax of a sudoers file:
Example 1: tim ALL=(root) ALL
Here “tim” is the name of the account or the group. The first ALL specifies all machines (the sudoers file can be shared between multiple systems). (root) specifies that “tim” can log in as the root user (after entering tim’s password). The last ALL specifies that after tim has logged in as the root user, he can issue any command.
Example 2: tim ALL = (root) NOPASSWD: command_a
Here tim can log in as the root user and issue the command “command_a” without needing to type the password. So now when tim runs the command “sudo command_a”, he will not be…
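An added example, not from the original article: a small Python check that reads entries in the one-line form shown in Examples 1 and 2 and reports the grants that deserve review. The function name, the finding labels and the sample entries for %ops and backup are assumptions made for illustration; aliases and backslash line continuations are not handled.

```python
import re

# One-line user specification, as in Examples 1 and 2:
#   who  hosts = (runas) [NOPASSWD:] commands
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopasswd>NOPASSWD:\s*)?"
    r"(?P<cmds>.+)$"
)

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# local policy
Defaults env_reset
tim ALL=(root) ALL
tim ALL = (root) NOPASSWD: command_a
%ops ALL=(ALL) NOPASSWD: ALL
backup ALL=(backup) /usr/bin/rsync
"""

def audit_sudoers(text):
    """Return (who, finding) tuples for broad or password-less grants."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, comments, include directives
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue  # settings and alias definitions are not grants
        m = SPEC.match(line)
        if not m:
            continue
        # With no (runas) part, sudo runs the command as root.
        runas_users = (m["runas"] or "root").split(":")[0].split(",")
        as_root = any(u.strip() in ("root", "ALL") for u in runas_users)
        cmds = [c.strip() for c in m["cmds"].split(",")]
        if as_root and "ALL" in cmds:
            suffix = ", NOPASSWD" if m["nopasswd"] else ""
            findings.append((m["who"], "any command as root" + suffix))
        elif m["nopasswd"]:
            findings.append((m["who"], "NOPASSWD for: " + ", ".join(cmds)))
    return findings

if __name__ == "__main__":
    for who, finding in audit_sudoers(SAMPLE):
        print(f"{who}: {finding}")
```

Each reported entry is a candidate for narrowing to specific commands, or for removing NOPASSWD where a password prompt is acceptable.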