"sudo" Command and Privilege

This section provides a tutorial example on how to grant the 'sudo' privilege to a user, so that the user can run the 'sudo' command to gain 'root' permission without logging in as 'root'.

What Is the "sudo" Command? The "sudo" command lets you temporarily run a command with "root" administrative rights. The basic syntax of the "sudo" command is:

sudo [sub-command]

The above command will prompt for your password. Once it is provided, the system runs the given sub-command with "root" permission. This is much safer than logging in as "root" to run the given sub-command.

In order to run the "sudo" command, the user must first be granted the "sudo" privilege. This can be done in different ways.

1. Adding the user to the "wheel" group on RedHat, CentOS and similar systems. You need to make sure that the "wheel" group has the sudo privileges defined in the /etc/sudoers file.

(login as root)
root# usermod -aG wheel herong

root# grep wheel /etc/sudoers
%wheel	ALL=(ALL)	ALL

2. Adding the user to the "sudo" group on Debian, Ubuntu and similar systems:

(login as root)
root# usermod -aG sudo herong

You can verify your sudo privilege by running the "sudo id" command.

(login as herong)
herong$ id
  uid=1000(herong) gid=1000(herong) groups=1000(herong),10(wheel)...

herong$ sudo id
  (enter herong's password)
    uid=0(root) gid=0(root) groups=0(root)

3. Running commands as non-root users using the "sudo -u" option. The following example shows that "apache" does not have permission to run the "conda" program.

herong$ sudo -u apache /usr/local/anaconda3/bin/conda
  [sudo] herong password:
  sudo: /usr/local/anaconda3/bin/conda: Permission denied

4. Removing the "sudo" privilege by removing the user from the "wheel" or "sudo" group.

herong$ sudo gpasswd -d joe wheel

herong$ sudo gpasswd -d joe sudo
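
The group-based grants in steps 1, 2 and 4 can be audited by reading the files involved. The script below is an added example, not part of the original tutorial; the function names and sample data are constructed, and it assumes a single sudoers file with no include directives.

```shell
#!/bin/sh
# Added example: which accounts get sudo through a %group rule?
# Reads one sudoers file only; include directives are not followed.

# sudo_groups SUDOERS -> names of groups granted by "%group ..." rules.
sudo_groups() {
    # Default field splitting drops leading blanks; comment lines start with "#".
    awk '$1 ~ /^%[A-Za-z_]/ { print substr($1, 2) }' "$1" | sort -u
}

# sudo_users SUDOERS GROUP PASSWD -> "user group" lines, one per grant.
sudo_users() {
    for g in $(sudo_groups "$1"); do
        # Supplementary members: comma-separated 4th field of the group file.
        awk -F: -v g="$g" '$1 == g && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i], g }' "$2"
        # Primary members: passwd entries whose GID equals the group's GID.
        # These do not appear in the group file's member list.
        gid=$(awk -F: -v g="$g" '$1 == g { print $3 }' "$2")
        if [ -n "$gid" ]; then
            awk -F: -v gid="$gid" -v g="$g" '$4 == gid { print $1, g }' "$3"
        fi
    done | sort -u
}

# Constructed sample files (not taken from a real host).
make_sample() {
    printf '%s\n' '# %admin ALL=(ALL) ALL' 'root ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) ALL' > "$1/sudoers"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:herong' 'ops:x:1001:joe' > "$1/group"
    printf '%s\n' 'herong:x:1000:1000::/home/herong:/bin/bash' \
        'svc:x:1002:10::/home/svc:/bin/bash' \
        'joe:x:1003:1001::/home/joe:/bin/bash' > "$1/passwd"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
sudo_users "$demo_dir/sudoers" "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a live system, pass /etc/sudoers, /etc/group and /etc/passwd as the three arguments; reading /etc/sudoers normally requires root.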
