Configuring sudo to Enable Commands for Non-Root Users in Linux

This post describes how to grant sudo permissions to non-root users so that they can run specific commands, and how to withdraw those permissions. The “sudo” tool allows non-root users to run commands that require root privileges, as the superuser or as another user. Log in as the root user and open the “/etc/sudoers” file for editing with the visudo command:

# visudo
...
## Allow root to run any commands anywhere
root ALL=(ALL) ALL

# Allow kam user to execute iptables & tcpdump commands
# Syntax: Username Hostname= command1,command2

kam server1= /sbin/iptables, /usr/sbin/tcpdump

## Allows members of the 'sys' group to run networking, software,
...

Note: Here, ‘server1’ is the host name of the server. Save and exit visudo.

To enable or disable execution of a command for a non-root user, edit the same file, /etc/sudoers, and add or remove the commands for that specific user.

The sudoers file can also be used to give root privileges for a specific command on specific files. This can be done as:

[user] ALL=(ALL) [command_absolute_path] [file_list_separated_via_comma]

Example:

Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive

The special symbol “*” can be used for a whole subtree. For example:

Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive/*

This provides the ability to run “ls” with sudo on the whole subtree (subdirectory).
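
Added example (not part of the original post): a shell function that lists the rules in a sudoers-format file that grant more than they appear to. It flags ALL, commands listed without arguments (sudo then accepts any arguments) and wildcards in arguments (per the sudoers manual, “*” in arguments also matches spaces and slashes, so such a rule covers more than one subtree). The function names are illustrative and the sample input is assembled from the rules shown in this post.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant more than they appear to.
# Output format: LINE:FINDING:COMMAND. Reads file arguments, or stdin if none.
# Not handled: backslash line continuations, alias expansion, escaped commas.
audit_sudoers() {
    awk '
    /^[ \t]*$/ { next }                                   # blank line
    /^[ \t]*#/ { next }                                   # comment
    /^[ \t]*(Defaults|[A-Za-z]+_Alias|@include)/ { next } # not a user rule
    {
        eq = index($0, "=")
        if (eq == 0) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)           # drop the (runas) part
        n = split(spec, cmds, /[ \t]*,[ \t]*/)            # commands are comma-separated
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
            sub(/^([A-Z_]+:[ \t]*)+/, "", c)              # drop tags such as NOPASSWD:
            if (c == "") continue
            sp = index(c, " ")
            path = (sp ? substr(c, 1, sp - 1) : c)
            args = (sp ? substr(c, sp + 1) : "")
            if (c == "ALL")            print NR ":unrestricted:" c
            else if (path !~ /^\//)    print NR ":relative-path:" c
            else if (args ~ /[*?]/)    print NR ":wildcard-args:" c
            else if (args == "")       print NR ":any-args:" c
        }
    }' "$@"
}

# Constructed sample: the four rules from this post, one per line.
sample_sudoers() {
    cat <<'EOF'
root ALL=(ALL) ALL
kam server1= /sbin/iptables, /usr/sbin/tcpdump
Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive
Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive/*
EOF
}

sample_sudoers | audit_sudoers
```

To audit a real configuration, pass the file path as the argument instead of piping the sample, running as a user who can read the file.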
