answers: 1 / hits: 19229 / Thursday, September 2, 2021, 6:31:30

Every time I want to be able to run something that requires me to be a sudoer too many times, I need to google for the formatting of /etc/sudoers to remind me again what exactly is the proper way to write it.



Now I see different writing styles in my sudoers file, which is the consequence of different google results over the months. I've also noticed that the second example (below) seems to work in XFCE, but not in Cinnamon (Gnome 3). This could be totally unrelated, but nonetheless I'd like to know once and for all, what is the correct grammar of the sudoer line, and what is the difference between the given examples?





  1. redsandro ALL=NOPASSWD:/path/to/command

  2. redsandro ALL=(ALL) NOPASSWD:/path/to/command

  3. redsandro ALL=(ALL:ALL) NOPASSWD:/path/to/command




Also, what are all the ALL's for? One user, one command, yet I need to use the ALL keyword up to three times? Am I doing this wrong?



Of course, omitting NOPASSWD: makes you enter your password before you are permitted to run the command, but one point of confusion is the usage of = and :, for the final command that is the subject of the line can be prepended by either =, :, , or ), confusing grammar for similar semantics.



 Answers

It's more than just a user and a command:






redsandro host=(user:group) tag:commands



  • host specifies the host names this line is valid for. Unless you are sharing a sudoers file among different hosts that need different rules, using the special value ALL, meaning "all hosts", is a good choice.


  • user specifies which users you can use with the -u option to run the command. If you omit this you can't use the -u option.


  • group specifies which groups you can use with the -g option. If you omit it you can't use the -g option.




Both user and group understand the special value ALL as "all users/groups"



If you omit the whole (user:group) thing you can't use -u and -g but only run the command as root.




  • tag lets you specify some options, like NOPASSWD






So with your first example you can run the command as root but can't use -u and -g to run it as any other user or group.



With example 2. you can run the command as root or use -u to run it as any other user.



With 3. you can run the command as root or use -u or -g to run the command as any other user or group.


[#39522] Friday, September 3, 2021
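The grammar described in the answer above, as an added example that is not part of the original answer: a Python parser that splits a rule into host, (user:group), tags and commands, then lists what the rule permits, run on the three lines from the question. The function names and the simplified one-rule-per-line grammar are assumptions; real sudoers files also allow aliases, escaped commas and line continuations.

```python
import re

# Simplified form from the answer:  user host=(user:group) tag:commands
# Assumption: one rule per line, no aliases, no escaped commas, no continuations.
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"      # optional (user:group)
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"        # zero or more tags such as NOPASSWD:
    r"(?P<commands>.+)$"
)

def _names(part):
    """Split a comma-separated list and drop empty entries."""
    return [n.strip() for n in part.split(",") if n.strip()]

def parse_rule(line):
    """Split one sudoers rule into the fields the answer names."""
    m = RULE.match(line.strip())
    if m is None:
        raise ValueError(f"not a simple sudoers rule: {line!r}")
    user_part, _, group_part = (m.group("runas") or "").partition(":")
    return {
        "who": m.group("who"),
        "host": m.group("host"),
        "runas_users": _names(user_part),    # empty list: -u is not permitted
        "runas_groups": _names(group_part),  # empty list: -g is not permitted
        "tags": _names(m.group("tags").replace(":", ",")),
        "commands": _names(m.group("commands")),
    }

def audit(line):
    """List what the rule permits beyond a password-gated, root-only run."""
    rule, findings = parse_rule(line), []
    if "ALL" in rule["runas_users"]:
        findings.append("-u may name any user")
    if "ALL" in rule["runas_groups"]:
        findings.append("-g may name any group")
    if "NOPASSWD" in rule["tags"]:
        findings.append("no password prompt")
    if "ALL" in rule["commands"]:
        findings.append("every command is allowed")
    return findings

# The three lines from the question, used as sample input.
SAMPLES = [
    "redsandro ALL=NOPASSWD:/path/to/command",
    "redsandro ALL=(ALL) NOPASSWD:/path/to/command",
    "redsandro ALL=(ALL:ALL) NOPASSWD:/path/to/command",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit(s))
```

Check any edited sudoers file with `visudo -c` before relying on it; this parser only explains the fields and does not validate syntax the way sudo does.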
rstride