The reason and how to edit sudoers file in Linux
What is file sudoers?
The sudoers file is a text file located in '/ etc / sudoers' and controls how sudo works on the machine. You're probably familiar with sudo's primary role of elevating the current account's privileges to root, superuser privileges on all Unix-based systems. This allows users to execute commands that are currently prohibited.
When to edit sudoers file?
When you install Linux (or macOS) for the first time, the first and default users are automatically added to the sudoers file so that the file can run administrative tasks using the sudo command. However, if you create a new user account, it will not have superuser rights by default. If you need to grant it superuser permissions, you'll need to edit the sudoers file and add this user account to it.
How do I edit sudoers file?
Never edit a sudoers file in a regular text editor. This can lead to concurrent editing and corrupted files, potentially denying any admin access. Sudoers have to be edited by running visudo in Terminal, like so:
sudo visudo
Note that you need to use sudo to run visudo. This will open the sudoers file using the default text editor in Terminal (Nano by default).
What does changing file sudoers do?
The main job of the sudoers file is to determine which users can use sudo for what. It also has some simple options that you can adjust first to get a feel for how visudo works.
Change timeout sudo
By default, entering the sudo password will elevate your permissions until you close the shell or exit. This can be insecure, and some people prefer entering a password every time they use sudo.
Step 1. Run sudo visudo as mentioned above.
Step 2. Press Alt + / to navigate to the end of the document. If you are using Vi or Vim, press Shift + G .
Step 3. Create a new line at the end of document and add the following line:
Defaults timestamp_timeout=0
This will set the sudo timeout to 0 seconds, so you will have sudo privileges for 0 seconds after you execute the first command. If you prefer a different time period, enter that value in seconds.
You can also set the timeout to ' -1 ', which gives you an infinite grace period. But don't do that! That might accidentally crash the system one day.
Step 4. Press Ctrl + O to save and Ctrl + X to exit.
Restrict who can use sudo and what
The main purpose of the sudoers file is to control which users can run sudo. Without sudo, users cannot elevate their permissions. If you have multiple users accessing the same system through the shell, you can control their access by setting the values in sudo.
Every sudoers file will have the following line:
root ALL=(ALL) ALL
This allows the root user on all hosts to use all users to execute all commands. ALL is a special value in the sudoers file, meaning 'no limit'. The syntax is as follows:
username hostlist = (userlist) commandlist
If you want to add another user as root, just copy the root line and change the user like this:
alexander ALL=(ALL) ALL
For more control you can add a line like this, which will only allow 'alexander' users to run apt-get update .
alexander ALL=(ALL) /usr/bin/apt-get update
Put '%' in front of the user and it will define a group. The line below will allow all users in the "admin" group to have root privileges. This will be the group defined by the operating system permissions groups.
%admin ALL=(ALL) ALL
Change the visudo editor
Depending on the version of Linux you are running, there are two main ways to change the editor.
For Ubuntu, you will want to run the Terminal command below:
sudo update-alternatives –config editor
You should see something like this:
There are 4 choices for the alternative editor (providing /usr/bin/editor). Selection Path Priority Status ------------------------------------------------------------ * 0 /bin/nano 40 auto mode 1 /bin/ed -100 manual mode 2 /bin/nano 40 manual mode 3 /usr/bin/vim.basic 30 manual mode 4 /usr/bin/vim.tiny 10 manual mode Press enter to keep the current choice[*], or type selection number: 3
If you want to choose Vim as a visudo editor from the Nano default option, you'll need to tap on option 3 and press Enter.
For other Linux versions you will want to add a new line to your '~. / Bashrc' file like below:
export EDITOR="vim"
Then save the file. The visudo editor will change to Vim.
You should read it
- TOP 5 ISO file editing software on Windows 10/11
- What file is M4A? How to open, edit and convert M4A files
- Micro editor in Unix / Linux
- What file is XSD? How to open, edit and convert XSD files
- PDFio.co - Service of creating, protecting, converting PDF, ... online, support Vietnamese, free on many devices
- What file is PAT? How to open, edit and convert PAT files
- What file is 3GP? How to open, edit and convert 3GP files
- M3U is what file? How to open, edit and convert M3U files
- What is a config file? How to safely edit the config file?
- Simple and fast steps to edit Host File on Windows 10
- What is WMV file? How to open, edit and convert WMV files
- What is an XML file and how to open it?