{"id":38056,"date":"2022-08-01T09:00:10","date_gmt":"2022-08-01T01:00:10","guid":{"rendered":"https:\/\/www.casbay.com\/guide\/?post_type=kb&p=38056"},"modified":"2022-09-07T20:14:28","modified_gmt":"2022-09-07T12:14:28","slug":"2-linux-based-vps-tips-config-sudoer-file","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/2-linux-based-vps-tips-config-sudoer-file","title":{"rendered":"2 Linux Based VPS Tips On Configuring Sudoers File"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

What are sudo commands? On common occasions, most users in a\u00a0Linux based VPS<\/a> do not have root access when there are times you need a higher privilege to access within the VPS. Sudo commands allow sudoer, who isn\u2019t a root user, to access a file or system, in the situation when you need to be either a root user or a user with higher privileges. By default, root users don\u2019t need the sudo command.\u00a0In this guide, you will be able to learn how to configure the sudoer file to suit your server needs.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Editing The File<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The sudoer file is located at the \u201c\/etc\/sudoers\u201d directory, and to edit the file, use the following command.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
sudo visudo -f \/etc\/sudoers<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The visudo command assures that only 1 sudoer is editing the file one at a time and also provides necessary syntax checks. It is recommended to always use visudo command whenever you are editing the sudoer file.<\/p>

After that, to view the users in the sudoer group, you can list out all the users in the sudoer group using the following command.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
grep 'sudo' \/etc\/group<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

After running the command above, you should be able to see a list of sudoers of the server. To add a new user into the sudoer group, use the following command.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
adduser <user_name> sudo<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Replace the \u201c<user_name>\u201d with the username of the user you want to add into the sudoer group. You may check the list of users in the sudoer group again and you will be able to find the new user being added into the group.<\/p>

Inversely, to remove a sudoer out of the sudoer group, use the following command.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
deluser <user_name> sudo<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

While \u201cadduser\u201d command is to add users to the group, the \u201cdeluser\u201d command removes users from the group. When checking the list again after removing a user, the user will not be listed in the group, which means the user wouldn\u2019t be able to use the sudo command anymore.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Granting Specific Privileges<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

However, in the case where the user is not within the sudoer group, but we need him to perform a specific command which can only be done with a higher privilege, such as networking. In such cases, we can actually grant the user just for the particular specific command. First, create a configuration file for networking in the directory \u201c\/etc\/sudoers.d\/\u201d by using the following command.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
sudo visudo -f \/etc\/sudoers.d\/networking<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

After creating the file, add the following text into it.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
Cmnd_Alias\u00a0 \u00a0 \u00a0CAPTURE = \/usr\/sbin\/tcpdump\nCmnd_Alias\u00a0 \u00a0 \u00a0SERVERS = \/usr\/sbin apache2ctl, \/usr\/bin\/htpasswd\nCmnd_Alias\u00a0 \u00a0 \u00a0NETALL = CAPTURE, SERVERS\n%netadmin ALL=NETALL<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

The file created another group called netadmin, where the group users can run commands that are specified in NETALL. For the next step, use the following command to add the users into the newly created group.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t
sudo adduser <user_name> netadmin<\/pre>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Replace \u201c<user_name>\u201d with the username of the user to give them the privileges to run networking commands such as tcpdump, and others. With this, you should be able to configure the sudoers file for the needs of your VPS.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

What are sudo commands? On common occasions, most users in a\u00a0Linux based VPS do not have root access when there are times you need a higher privilege to access within the VPS. Sudo commands allow sudoer, who isn\u2019t a root user, to access a file or system, in the situation when you need to be […]<\/p>\n","protected":false},"author":1,"featured_media":38058,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[109],"kbtag":[106,105],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/38056"}],"collection":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/comments?post=38056"}],"version-history":[{"count":9,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/38056\/revisions"}],"predecessor-version":[{"id":38095,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/38056\/revisions\/38095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media\/38058"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media?parent=38056"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=38056"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtag?post=38056"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=38056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}