Home Blog CV Projects Patterns Notes Book Colophon Search

Debain Sudo

30 Apr, 2007

Sudo is one of those command I use quite a lot but I've never understood how to properly configure it until today.

All settings are defined in /etc/sudoers but you cannot edit this file directly, instead use the visudo command (but you have to be root first by running su).

The Debian default looks like this:

# /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
# See the man page for details on how to write a sudoers file.

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

To add a new user you can add a line similar to the last one:

james    ALL=(ALL) ALL

This would give user james access to run sudo on any host (the first ALL), any command (the third ALL), as any user (the second ALL).

A common alternative setup is to specify something like %wheel ALL = (root) ALL which would mean any user in the wheel group (specified with the %) can run any command as root - using wheel for this purpose is something of a tradition. You can then manually add whichever users you like to the wheel group. Check there isn't a wheel group already:

cat /etc/group | grep wheel

then add a new group:

addgroup --system wheel

now you can add users to the group:

adduser james wheel

You may need to log out and log in again for the changes to take effect, I didn't.

Another useful use of sudo is to allow certain users to run certain commands which they wouldn't ordinarily have permission for.

For example to create a shutdown command you might do this:

# Cmnd alias specification
Cmnd_Alias      SHUTDOWN = /sbin/shutdown

Then you could give permission to a user to have this command like this:


You can even set this up so that password is not required when the user james uses sudo:


This sort of technique is very handy to allow for example a web-based application to run certain very specific commands.

Copyright James Gardner 1996-2020 All Rights Reserved. Admin.