Using sudo to Delegate Privilege

Sometimes it’s useful to delegate superuser privilege to a Fedora user; however, giving him the superuser password gives him total control of the system. The sudo system enables superuser privilege to be delegated on a program-by-program basis.

How Do I Do That?

There are two parts to sudo: the /etc/sudoers file, which controls who can do what, and the sudo command, which enables authorized users to run commands with superuser privilege.

To configure /etc/sudoers, use the visudo utility, which will start vi so that you can edit the file. When you are done, it checks the syntax before installing it. If there is a syntax error, visudo will prompt you for a course of action; to see the available options, enter a question mark:

# visudo
>>> sudoers file: syntax error, line 17 <<<
What now? ?
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

What now? x

To enable the user chris to run the netstat and ifconfig commands as the superuser, add this entry to the sudoers file:

chris ALL=/bin/netstat,/sbin/ifconfig

This entry contains the username, the computers (in this case, ALL) on which this user can execute this command (useful if the sudoers file is shared among several machines, either through a file-sharing protocol or by copying the file), and a list of commands that may be executed as root.


Be careful selecting the commands to include in the list: if any of ...

Get Fedora Linux now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.