linux Tutoriaux data-src-img=

It can be necessary for various reasons to temporarily assign or not to a user root rights, this tutorial explains this principle.

Prerequisite

In order to change the users’ rights, your system must have the sudo and vim tools :

apt-get install sudo
apt-get install vim

If needed, the uninstallation can be operated in the following way :

apt-get remove sudo

Configuration

The sudoers configuration is operated by editing the /etc/sudoers file via the command :

visudo -c

# This file MUST be edited with the 'visudo' command as root.
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
# See the main page for details on how to write a sudoers file.
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL

We will notice the 4 following entities :

Entity defining groups of hosts.

Entity defining alias for the users to whom we assign rights.

Entity defining alias of commands.

Entity defining the users and the assigned rights, the user root is present by default.

Let’s provide some information about the user root :

The 1st ALL matches the user or User_Alias to whom we assign rights.

The 2nd ALL matches the user to whom root copies the rights.

The 3rd ALL matches the authorized commands Cmnd_Alias.

We are now establishing 3 users in a User alias, creating an alias of command Cmnd alias (the listing is visible in the arborescence /usr/bin):

visudo -c

# User alias specification
User_Alias AUTHORIZE_USER=user1,user2,user3

# Cmnd alias specification
Cmnd_Alias AUTHORIZE_CMD=/usr/bin/apt-get,/bin/ping

# User privilege specification
root ALL=(ALL) ALL
AUTHORIZE_USER ALL=(ALL) AUTHORIZE_CMD

Use

Now we can use the authorized commands preceded by sudo or not with the 3 users having the right previously configured :

/home/user1 ~ > sudo apt-get install apache2 -s
[sudo] password for user1: 

It is possible to withdraw the password request by configuring your user in the following way :

visudo -c

user4 ALL=(ALL) NOPASSWD:ALL