What are sudo commands? On a Linux-based VPS, most users do not have root access, yet there are times when a task needs higher privileges. The sudo command allows a sudoer, a user who isn’t root, to access a file or run a command that would otherwise require root or another user with higher privileges. By default, root users don’t need the sudo command. In this guide, you will learn how to configure the sudoers file to suit your server's needs.
Editing The File
The sudoers file is located at “/etc/sudoers”. To edit the file, use the following command.
sudo visudo -f /etc/sudoers
The visudo command ensures that only one sudoer edits the file at a time and also performs the necessary syntax checks. It is recommended to always use the visudo command whenever you edit the sudoers file.
After that, you can list all the users in the sudoer group (the group named “sudo”) using the following command.
grep 'sudo' /etc/group
After running the command above, you should be able to see a list of sudoers of the server. To add a new user into the sudoer group, use the following command.
adduser <user_name> sudo
Replace “<user_name>” with the username of the user you want to add to the sudoer group. If you check the list of users in the sudoer group again, you will find that the new user has been added.
Conversely, to remove a sudoer from the sudoer group, use the following command.
deluser <user_name> sudo
While the “adduser” command adds users to the group, the “deluser” command removes users from the group. When you check the list again after removing a user, the user will no longer be listed in the group, which means the user can no longer use the sudo command.
Granting Specific Privileges
However, there are cases where a user is not in the sudoer group but needs to run a specific command that requires higher privileges, such as a networking command. In such cases, we can grant the user privileges for just that specific command. First, create a configuration file for networking in the directory “/etc/sudoers.d/” by using the following command.
sudo visudo -f /etc/sudoers.d/networking
After creating the file, add the following text into it.
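# Command aliases: each one names the full path of the allowed commands
Cmnd_Alias CAPTURE = /usr/sbin/tcpdump
Cmnd_Alias SERVERS = /usr/sbin/apache2ctl, /usr/bin/htpasswd
Cmnd_Alias NETALL = CAPTURE, SERVERS
# Members of the netadmin group may run the NETALL commands on all hosts
%netadmin ALL=NETALL
The file grants privileges to a group called netadmin, whose members can run the commands specified in NETALL. The sudoers entry only refers to the group by name, so the group itself has to exist on the system before users can be added to it. For the next step, use the following command to add users to the netadmin group.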
sudo adduser <user_name> netadmin
Replace “<user_name>” with the username of the user who should get the privileges to run the networking commands, such as tcpdump. With this, you should be able to configure the sudoers file for the needs of your VPS.
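A check worth running on a drop-in such as “/etc/sudoers.d/networking”, shown here as an added example that is not part of the original guide: a path typo such as a space in place of a slash still parses as a command followed by an argument, so this script flags Cmnd_Alias entries that are not absolute paths or that name a directory without its trailing slash. The function name lint_cmnd_aliases is hypothetical, the sample file is constructed, and the script assumes one alias per line with no backslash continuations or escaped commas.

```bash
#!/bin/sh
# Added example: lint_cmnd_aliases is a hypothetical helper, not part of sudo.
# Assumes one Cmnd_Alias per line, no backslash continuations or escaped commas.
lint_cmnd_aliases() (
    file=$1
    problems=0
    # Alias names defined in the file, so "NETALL = CAPTURE, SERVERS" is accepted.
    names=$(sed -n 's/^Cmnd_Alias[[:space:]]*\([A-Z][A-Z0-9_]*\).*/\1/p' "$file")
    while IFS= read -r line; do
        case $line in
            Cmnd_Alias*=*) ;;
            *) continue ;;
        esac
        alias_name=$(printf '%s\n' "$line" | awk -F'[ \t=]+' '{print $2}')
        old_ifs=$IFS; IFS=,
        set -f; set -- ${line#*=}; set +f   # split the right-hand side on commas
        IFS=$old_ifs
        for entry in "$@"; do
            # First word is the command; anything after it is an argument list.
            cmd=$(printf '%s\n' "$entry" | awk '{print $1}')
            if printf '%s\n' "$names" | grep -qxF -- "$cmd"; then
                continue   # reference to another alias
            fi
            case $cmd in
                /*/) ;;    # directory entry written with its trailing slash
                /*) if [ -d "$cmd" ]; then
                        echo "$alias_name: '$cmd' is a directory; space typed instead of '/'?"
                        problems=$((problems + 1))
                    fi ;;
                *)  echo "$alias_name: '$cmd' is not an absolute path"
                    problems=$((problems + 1)) ;;
            esac
        done
    done < "$file"
    [ "$problems" -eq 0 ]
)

# Constructed sample: SERVERS has a space where a slash belongs.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Cmnd_Alias CAPTURE = /usr/sbin/tcpdump
Cmnd_Alias SERVERS = /usr/sbin apache2ctl, /usr/bin/htpasswd
Cmnd_Alias NETALL = CAPTURE, SERVERS
%netadmin ALL=NETALL
EOF
lint_cmnd_aliases "$sample" || true
rm -f "$sample"
```

The function prints one line per finding and returns a non-zero status when it finds any, so it can gate a deployment step that copies the file into “/etc/sudoers.d/”.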