Using sudo to run commands as root
sudo is a great tool for restricting access to the root account (or other accounts). In normal use, it is set up so that people in the wheel group can run commands as root after entering their own password.
The beauty of sudo is that you can grant root access to certain users without giving them the root password. On top of that, you can specify only to grant them access to certain commands on certain hosts. Best of all, sudo logs every command that is run through it, so you can easily track down any issues that may arise.
Using sudo is ridiculously easy. If you would like to run a command as root, simply type sudo program arguments. For instance:
sudo passwd tstrombe
If you would like to run commands as a user other than root, use sudo -u username program arguments, like so:
sudo -u condor /usr/local/sbin/condor_start
In rare instances, you may need to start an entire shell as another user. This is not recommended, because sudo will not log the commands you execute inside that shell, though it sometimes makes things more convenient when you do not have access to a directory you would like to work in. This will start a root shell:
For more tips, I recommend looking at the sudo manual.
Adding yourself to the wheel group
If you type the groups command, you will see a list of groups that you are an active member of.
wheel uucp dialout audio video condor
If it does not say wheel, you will want to add yourself to the wheel group. You can use the graphical management tools that come with your system, or simply use your favorite text editor as the root user, and edit /etc/group. Add yourself to the line that says wheel:
You will need to log out and log back in for the membership changes to take effect. Beforehand, however, you may want to do the next step.
Editing the sudo configuration
Open up a terminal, and make sure the EDITOR variable is set to your preferred editor; otherwise you will be editing the sudoers file using vi, which I personally hate. I recommend pico, nano, or joe. To set your default EDITOR in bash, zsh, or another Bourne-compatible shell, type:
Now you can launch visudo as root:
Enabling the wheel group in sudo
If you are using SUSE 9.1, sudo defaults to allowing any user to use sudo if they type in the root password. We will first comment out that behaviour if it is in there. Put # signs at the beginning of these lines:
#Defaults targetpw # ask for the password of the target user i.e. root
#%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
You will then see two lines that mention the wheel group. If you have no sensitive data on your machine, and absolutely trust that no one but you would ever use it or get into it, you can uncomment the NOPASSWD one; otherwise, I highly recommend the first option. This shows our recommended configuration:
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
You can now save this file and quit. You should now be allowed to use the sudo command.
Changing the password timeout
By default, sudo will ask you for your password after 5 minutes of not using it. You can change this timeout to 20 minutes by adding the following option to your sudoers file with visudo.
Defaults timestamp_timeout=20
If you really want, you can also specify this timeout on a per-user basis.
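To confirm which of the settings discussed on this page are actually active in a sudoers file, a small check like the following can help. It is an added example, not part of the original page; the function name, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Flags the sudoers settings
# discussed above. Assumptions of this sketch: it reads a single file, does
# not follow #include/#includedir, and treats every "#" as a comment start.

# audit_sudoers FILE: print one finding per active (uncommented) rule.
audit_sudoers() {
    awk '
        { sub(/#.*/, "") }            # drop comments, so commented-out rules are ignored
        NF == 0 { next }
        $1 ~ /^Defaults/ && /targetpw/ && !/!targetpw/ {
            print "TARGETPW: sudo asks for the target (root) password"
        }
        $1 ~ /^Defaults/ && match($0, /timestamp_timeout[ \t]*=[ \t]*[-0-9.]+/) {
            v = substr($0, RSTART, RLENGTH)
            sub(/^[^=]*=[ \t]*/, "", v)   # keep only the value after "="
            print "TIMEOUT: " $1 " caches credentials for " v " minutes"
        }
        $1 == "%users" && /ALL[ \t]*=.*ALL/ { print "USERS_ALL: group users may run any command" }
        /NOPASSWD[ \t]*:/ { print "NOPASSWD: " $1 " runs commands without a password" }
        $1 == "%wheel" && !/NOPASSWD[ \t]*:/ { print "WHEEL_PASSWORD: wheel rule requires a password" }
    ' "$1"
}

# Constructed sample: the SUSE 9.1 defaults described above left active,
# the recommended wheel rule, and a 20-minute timeout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults targetpw   # ask for the password of the target user i.e. root
%users ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
Defaults timestamp_timeout=20
EOF
audit_sudoers "$sample"
rm -f "$sample"
```

Run it against a copy of the file rather than editing /etc/sudoers directly; visudo -c checks the syntax of the real file.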