etcsudoers

The /etc/sudoers file is the central configuration for the sudo program on Unix-like systems. It specifies which users or groups may run commands with elevated privileges and under what conditions. The rules define privilege escalation without exposing the root password, enabling controlled access to administrative actions.

A sudoers rule consists of a list of users or aliases, a host list, a runas specification, optional tags, and a command list. The general syntax is: User_List Host_List = (Runas_Spec) Tag_List Command_List. The Host_List and Command_List commonly use ALL to grant broad permissions, while more specific entries narrow the scope of access.

Aliases organize and simplify configurations. User_Alias, Runas_Alias, Host_Alias, and Cmnd_Alias group users, run-as targets, hosts, and commands respectively. For example, Cmnd_Alias SH = /bin/sh, /bin/bash; User_Alias ADM = alice, bob; Host_Alias SERVERS = server1, server2. Aliases help keep policies maintainable and reduce repetition.

Examples illustrate typical usage. root ALL=(ALL) ALL grants full privileges to root. %admin ALL=(ALL) ALL allows the same for all members of the admin group. jdoe ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/bin/apt-get limits elevated commands to specific utilities without requiring a password for those commands. Commands can be further restricted by host, run-as user, or by explicit command lists.

Editing should be done with visudo, which validates syntax before saving. The sudoers file should be owned by root and have 0440 permissions. In addition, include files in /etc/sudoers.d are loaded automatically, enabling modular policies without editing the main file. Careful use of sudoers policies is essential to maintain system security and auditable privilege management.
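
The rule syntax and alias examples above, as an added illustration that is not part of the original page: a small Python reader that expands Cmnd_Alias entries and lists the grants to review first (ALL commands, or NOPASSWD). The policy text is constructed from the page's examples, and the function names parse and review are hypothetical. The reader assumes one rule per line, no spaces inside the host list and no escaped commas, so it is a review aid and not a replacement for visudo's syntax check.

```python
import re

# Constructed sample policy for illustration; names reuse the page's examples.
SAMPLE = """\
Cmnd_Alias SH = /bin/sh, /bin/bash
User_Alias ADM = alice, bob
Host_Alias SERVERS = server1, server2
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
jdoe ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/bin/apt-get
ADM SERVERS=(root) SH
"""

ALIAS = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def parse(text):
    """Return (aliases, grants); each grant is one expanded command of one rule."""
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "Defaults")):
            continue  # comments, include directives and Defaults are out of scope
        m = ALIAS.match(line)
        if m:
            aliases[m.group(2)] = [v.strip() for v in m.group(3).split(",")]
        else:
            rules.append(line)
    grants = []
    for rule in rules:  # second pass, so aliases may be defined after use
        left, right = rule.split("=", 1)
        users, hosts = left.rsplit(None, 1)  # assumption: host list has no spaces
        m = re.match(r"\s*\(([^)]*)\)\s*(.*)", right)
        runas, cmds = (m.group(1), m.group(2)) if m else ("root", right.strip())
        nopasswd = False
        for item in map(str.strip, cmds.split(",")):
            while (t := TAG.match(item)):  # a tag applies to the commands after it
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(t.group(1), nopasswd)
                item = item[t.end():]
            for cmd in aliases.get(item, [item]):
                grants.append((users, hosts, runas, cmd, nopasswd))
    return aliases, grants

def review(grants):
    """Grants a reviewer should look at first: any command, or no password prompt."""
    return [g for g in grants if g[3] == "ALL" or g[4]]

if __name__ == "__main__":
    for grant in review(parse(SAMPLE)[1]):
        print(grant)
```

Each printed tuple is (users, hosts, runas, command, nopasswd); the ADM rule does not appear in the review list, but its SH alias is still expanded to /bin/sh and /bin/bash in the full grant list.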