linux - What types of users can I use with "sudo"?

07
2014-07
  • pnongrata

    I thought you could only use sudo to temporarily become root:

    sudo vim /etc/resolv.conf

    But recently I saw a shell snippet depicting a user using sudo to become a specific user:

    sudo -H -u devops -s

    Where devops was not the original username. After becoming devops, the user now had elevated privileges.

    So are there ways of creating more than 1 root user? What is devops's relation to root in the example above? How do these elevated-but-not-quite-root users get created/managed?

    Also, same question, but for su.

    Thanks in advance!

    • Answers
  • terdon

    Taken from the man page:

    sudo is used to execute commands as another. Root or any other user that you have creds for. So, devops is just another user on the system.

    DESCRIPTION

    sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

    UPDATE;

    Same for su. Any user, root or other user on system. Here is the man page:

    su - run a shell with substitute user and group IDs

    SYNOPSIS

    su [OPTION]... [-] [USER [ARG]...]

    DESCRIPTION

    Change the effective user id and group id to that of USER.

  • lopsided98

    sudo can be used to run a command as any user (with the -u option). In your example devops was another user on the system. "devops" probably had more privileges to read and write to certain directories. The same goes for su where you can specify a user as a parameter. Both su and sudo switch to the root user by default.

  • nerdwaller

    Any user can have sudo rights on a unix system. devops is simply one of those users on that system, but by default the only user account should be root and the others are added (though distros like Ubuntu have the user who is setup during install in that list too).

    If you need various users (or groups) sudo privs, look into # visudo. You can specify what users can access what with root rights. (be careful with that, if you give 'guest' access to vim with root privs, they could adjust system files, for example).


    • Related Question

    linux - User not in the sudoers file. This incident will be reported
  • Sergiy Byelozyorov

    I need to install a package. For that I need root access. However the system says that I am not in sudoers file. When trying to edit one, it complains alike! How am I supposed to add myself to the sudoers file if I don't have the right to edit one?

    I have installed this system and only administrator. What can I do?

    Edit: I have tried visudo already. It requires me to be in sudoers in the first place.

    amarzaya@linux-debian-gnu:/$ sudo /usr/sbin/visudo 

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for amarzaya: 
amarzaya is not in the sudoers file.  This incident will be reported.
amarzaya@linux-debian-gnu:/$

    • Related Answers
  • Hamish Downer

    It would be something of a security hole if you could add yourself to /etc/sudoers without having sudo or root access. Basically then anyone could make themselves root.

    Basically you need to ask the administrators of that machine to add you, or to install the package for you, as per the policies of the site.

    You should also be sure to use visudo to edit the sudoers file - it checks that the syntax is correct before writing the file. And you can use editors other than vi with visudo. It will by default use whatever you have set as $EDITOR and if you don't have it set you could do

    # EDITOR=nano visudo

    to use the nano editor instead.

  • Ricket

    Login as root and use /usr/sbin/visudo to edit the file and add your username. Normal vi/vim will not be able to edit the file.

    The easiest way is to just go down until you see the line "root ALL=(ALL) ALL" and add yourself under that with the same syntax (yourusername ALL=(ALL) ALL). Or, you can read the sudoers manpage if you want to give yourself more specific privileges.

  • Kazark

    Just typed the command:

    $ su

    And asked for the password "root". Typed and boom... It worked!

    This problem was my mistake. Due to be back at the facility at the time I created the username and password.

  • Alain Pannetier

    If your sudoers file already contains this kind of line 

    # Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

    Then, the cleanest way of doing things is probably to grant the admin group to your user. For instance, to add user oracle to the admin group:

    usermod -aG admin oracle
  • Bengt

    Perhaps the easiest way, once you're root, is:

    echo 'amarzaya ALL=(ALL) ALL' >> /etc/sudoers
  • Synetech

    If you cannot use the sudo command, then you can use the following method:

    1. Press Ctrl+Alt+F1
    2. Log the user out if the user is not root
    3. Log in as root
    4. Use root privileges
    5. Log out (exit) – Ctrl+Alt+F7 to get to the GUI
  • Alastair

    Sign in using the following first:

    $ su

    Then go ahead with:

    $ sudo apt-get update

    or whatever as normal