Author: Arun Bagul

sudo -configuration

1] Introduction:

root is the superuser, with unrestricted access to all system resources and files on a Linux system. The uid and gid of the root user are 0 (zero). But many times the system/Linux admin wants to give restricted access to some users or groups of users. In such cases sudo is the best technique for this.

The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands that they would normally not be able to run due to file permission restrictions. The commands can be run as user "root" or as any other user defined in the /etc/sudoers configuration file.

All commands run via sudo are logged in the log file /var/log/messages.

2] Sudo configuration file /etc/sudoers

/etc/sudoers file contains all the configuration and permission parameters needed for sudo to work. There are a number of guidelines that need to be followed when editing it with visudo.

The format of an entry in the sudoers file is as follows:

user_names/group_name servername = (usernames command can be run as) command

3] How to open the sudo file /etc/sudoers

Always use the visudo command to open the /etc/sudoers file.

root@indiangnu.org:~# visudo

4] How to permit a few users to start/restart/stop the Apache server

* Open the sudoers file using the above command

# access to Apache2 and MySQL to webgroup group without password

%webgroup ALL= NOPASSWD: /etc/init.d/apache2

%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart

web ALL= NOPASSWD: /etc/init.d/apache2

* In the above example, the users in group webgroup can only restart MySQL; they can't stop or start the MySQL service.

# access to Apache2 with password to user webuser

webuser ALL= /etc/init.d/apache2

# Members of the myroot group may gain root privileges

%myroot ALL=(ALL) ALL
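
The difference between the apache2 and mysql entries above is easy to miss when reviewing a sudoers file: a command listed without arguments can be run with any arguments, while a command listed with arguments is limited to exactly those. The following is an added example, not part of the original article, that parses the rules from this section and reports the broad ones; the function names parse_rules and findings are hypothetical, and the parser assumes simple one-line rules without aliases.

```python
import re

# Constructed sample: the rules shown in this section, as they would appear in /etc/sudoers.
SAMPLE = """\
%webgroup ALL= NOPASSWD: /etc/init.d/apache2
%webgroup ALL= NOPASSWD: /etc/init.d/mysql restart
web ALL= NOPASSWD: /etc/init.d/apache2
webuser ALL= /etc/init.d/apache2
%myroot ALL=(ALL) ALL
"""

# who  hosts = [(runas)] [NOPASSWD:] command[, command ...]
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?"
                  r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmds>.+)$")


def parse_rules(text):
    """Parse one-line user specifications (no aliases, Defaults or continuations)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")):
            continue
        for cmd in m.group("cmds").split(","):
            path, _, args = cmd.strip().partition(" ")
            rules.append({
                "who": m.group("who"),
                "runas": m.group("runas") or "root",  # sudo's default target user
                "nopasswd": bool(m.group("nopasswd")),
                "command": path,
                "args": args.strip() or None,  # None: sudo accepts any arguments
            })
    return rules


def findings(rules):
    """Return (who, command, note) for entries that grant more than one fixed action."""
    out = []
    for r in rules:
        if r["command"] == "ALL":
            out.append((r["who"], "ALL", "full privileges"))
        elif r["args"] is None:
            out.append((r["who"], r["command"], "any arguments allowed"))
    return out

if __name__ == "__main__":
    for who, cmd, note in findings(parse_rules(SAMPLE)):
        print(f"{who:10} {cmd:22} {note}")
```

Only the mysql entry is absent from the report, because it is the one rule pinned to a single argument.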

5] How to use sudo

web@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
* Forcing reload of apache 2.0 web server… [ ok ]
web@indiangnu.org:~$

** In the example below, webuser needs to enter his password to verify that 'webuser' is an authentic user.

webuser@indiangnu.org:~$ sudo /etc/init.d/apache2 restart
Password:
* Forcing reload of apache 2.0 web server… [ ok ]
webuser@indiangnu.org:~$