Sudo configuration

Documentation

man sudoers https://man.archlinux.org/man/core/sudo/sudoers.5.en

Locations

/etc/sudoers configuration file (edit it with visudo, which checks the syntax before saving, unless you are certain)

/etc/sudoers

Basics

USER    HOST=(USER:GROUP)  ALLOWED_COMMANDS

USER localhost = \
    /bin/commandA, /bin/commandB   # can be split on multiple lines

USER

username     # username
#1001        # uid

%groupname   # groupname
%#1001       # gid

HOST

192.168.1.1              # ip address
myhostname               # hostname
hostA,10.10.10.10,hostC  # list of either

logic

%wheel,!willjp           # all members of wheel, but not willjp

aliased lists

If you find yourself reusing the same list of commands, you can give the list a name with an alias and use that name in rules.

Cmnd_Alias  BACKUP = \
  /sbin/dump,\
  /sbin/restore,\
  /sbin/mt

willjp ALL=BACKUP     # allow willjp access to /sbin/dump, /sbin/restore, /sbin/mt

don't require password

Useful, for example, for a build container that needs to install libraries.

builduser ALL=(ALL) NOPASSWD: ALL
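
An added example, not part of the original notes: a small Python audit that parses the entry forms shown above, expands Cmnd_Alias lists, and reports accounts that hold NOPASSWD: ALL. The sample text is constructed from this page's entries and the function names are hypothetical; it assumes one host/command spec per line and does not follow include directives or negated commands.

```python
import re

# Constructed sample built from this page's entries; helper names are hypothetical.
SAMPLE = r"""
Cmnd_Alias  BACKUP = \
  /sbin/dump,\
  /sbin/restore,\
  /sbin/mt
willjp ALL=BACKUP     # backup tools only
builduser ALL=(ALL) NOPASSWD: ALL
%wheel,!willjp localhost = \
    /bin/commandA, /bin/commandB
Defaults timestamp_timeout=60
"""

# Right-hand side of a user spec: optional (runas), optional TAG: list, commands.
SPEC = re.compile(r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.*)")

def logical_lines(text):
    """Join backslash continuations; drop comments but keep '#1001' uids."""
    joined = re.sub(r"\\\n", "", text)
    lines = (re.sub(r"#(?!\d).*", "", l).strip() for l in joined.splitlines())
    return [l for l in lines if l]

def parse(text):
    """Return user specs with every Cmnd_Alias expanded to its commands."""
    aliases, rules = {}, []
    for line in logical_lines(text):
        left, _, right = line.partition("=")
        words = left.split()
        if words[0] == "Cmnd_Alias":
            aliases[words[1]] = [c.strip() for c in right.split(",")]
        elif not right or words[0].startswith("Defaults") or words[0].endswith("_Alias"):
            continue  # settings and other alias types are not user specs
        else:
            m = SPEC.fullmatch(right.strip())
            cmds = []
            for c in m["cmds"].split(","):
                cmds += aliases.get(c.strip(), [c.strip()])
            rules.append({"who": words[0], "host": words[1],
                          "runas": m["runas"] or "root", "commands": cmds,
                          "nopasswd": "NOPASSWD:" in m["tags"]})
    return rules

def passwordless_all(text):
    """Accounts that can run every command without a password prompt."""
    return [r["who"] for r in parse(text) if r["nopasswd"] and "ALL" in r["commands"]]

if __name__ == "__main__":
    print("NOPASSWD: ALL ->", passwordless_all(SAMPLE))
```

Entries it reports are the ones to confine to disposable build containers or to narrow to a Cmnd_Alias.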

timeouts/durations

# /etc/sudoers
Defaults passwd_timeout=30     # password prompt times out after 30 minutes (value is in minutes)
Defaults timestamp_timeout=60  # don't prompt for sudo again for 60min