DEV Community

feng wei
feng wei

Posted on

visudo and /etc/sudoers

It may not be a good idea to grant full root-equivalent privilege to Unix-like OS users. Access should be granted based on actual needs.

You should not edit sudoers directly, by opening it in a text editor. Instead, edit it with visudo, which will verify its validity before saving the changes to disk.

/etc/sudoers


Host alias specification

User alias specification

Cmnd alias specification

User privilege specification

root ALL=(ALL:ALL) ALL

Members of the admin group may gain root privileges

%admin ALL=(ALL) ALL

Allow members of group sudo to execute any command

%sudo ALL=(ALL:ALL) ALL


Here, "root ALL=(ALL:ALL) ALL" states that the user root, logged in to any hostname, may run, as a user or group, any command. The general form of this directive is:

user hostname=(run-as-user:run-as-group) command

The special word ALL may be used for any of these values and means that any are allowed.

hope myhost=(mysqluser:mysqlusers) mysqldump

User hope, when logged in to host myhost, may run the command mysqldump as user mysqluser or a member of group mysqlusers. For example, this directive would allow user hope to run this command:

sudo -u mysqluser -g mysqlusers mysqldump

Top comments (0)