Sudoers file

NOTE: This topic applies to mLinux 4.x or higher.

This page describes how to build and use a sudoers file for super-user level permissions in mLinux. Refer to the package maintainer's documentation for the sudoers file:

https://www.sudo.ws/man/1.8.17/sudoers.man.html

The file /etc/sudoers is modified using the visudo command:

visudo

This creates a session similar to vi for editing the /etc/sudoers file.

NOTE: You have the option to use another editor. mLinux on the device comes with vi or nano. Refer to the following information to use a different editor:

https://www.sudo.ws/man/1.8.17/visudo.man.html

Here is an example of a restricted user, who has the privilege to run three commands:

john ALL= /usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod

Here is an unrestricted user:

john ALL=(ALL) ALL 

In this case, the first ALL is the host list, the second ALL is the list of user IDs the command may be run as, and the third ALL is the list of commands the user is allowed to execute.

By default, mtadm is in the sudo group, and is allowed to use sudo as specified by this line in /etc/sudoers:

%sudo   ALL=(ALL) ALL

The %sudo indicates members of the sudo group, and any member of the sudo group can use sudo as any user with any command on any host.

The host is matched against the name of the current host. It does not refer to the host a user connects from over ssh, ftp, or some other remote access program. The purpose of the hostname in the /etc/sudoers file is to allow the same sudoers file to be placed on multiple hosts, and be interpreted differently for each host.

If you want to eliminate the password prompt from sudo and use the sudo group to assign the sudo privilege, edit the %sudo line in /etc/sudoers as follows:

%sudo ALL=(ALL) NOPASSWD: ALL

This might be required if the privileged user ID has no password and is using ssh keys to log into the system.
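
The following is an added example, not part of the mLinux documentation or the sudo project: a small audit function that reads sudoers text and classifies each entry by the fields described above (host list, run-as list, NOPASSWD tag, command list). The names audit_sudoers and sample_sudoers are hypothetical, the sample input is constructed from the entries on this page, and only the one-line entry form shown here is handled.

```sh
#!/bin/sh
# Added example: classify simple sudoers user specifications read from stdin.
# Handles only the one-line form:  who host = [(runas)] [NOPASSWD:] commands
# Lines starting with '#' (comments, #include) are skipped, as are Defaults and aliases.
audit_sudoers() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }
    /^[ \t]*(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        left  = trim(substr($0, 1, eq - 1))
        right = trim(substr($0, eq + 1))
        if (split(left, f, /[ \t]+/) != 2) next     # expect "who host"
        runas = "root"                               # sudoers default when no (runas) list is given
        if (substr(right, 1, 1) == "(") {
            close_at = index(right, ")")
            if (close_at == 0) next
            runas = trim(substr(right, 2, close_at - 2))
            right = trim(substr(right, close_at + 1))
        }
        nopw = "no"
        if (right ~ /^NOPASSWD[ \t]*:/) {
            nopw = "yes"
            sub(/^NOPASSWD[ \t]*:[ \t]*/, "", right)
        }
        class = (right == "ALL") ? "unrestricted" : "restricted"
        if (nopw == "yes") class = class "-nopasswd"
        printf "%s host=%s runas=%s class=%s cmds=%s\n", f[1], f[2], runas, class, right
    }'
}

# Constructed sample built from the entries shown on this page.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real /etc/sudoers
Defaults env_reset
john ALL= /usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod
john ALL=(ALL) ALL
%sudo   ALL=(ALL) ALL
%sudo ALL=(ALL) NOPASSWD: ALL
EOF
}

sample_sudoers | audit_sudoers
```

Entries classed unrestricted-nopasswd let any process running as that user or group member become root without a password prompt, so they are the ones to review first.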