
One way to give full or limited root privileges to any non-root user is to set up the sudo facility. That simply entails adding the user to /etc/sudoers and defining what privilege you want that user to have. Then the user can run any command he or she is privileged to use by preceding that command with the sudo command.

 

The following is an example of how to use the sudo facility to give full root privileges to all users who are added to the wheel group:

 

As the root user, edit the /etc/sudoers file by running the visudo command:

# visudo

 

The reason for using visudo is that the command will lock the /etc/sudoers file and do some basic sanity-checking of the file to ensure it was edited correctly.

 

 Uncomment the following line to allow users in the group named wheel to have full root privileges on the computer:

 

 

%wheel ALL=(ALL) ALL

 

The previous line causes the user to be prompted for a password to be allowed to use administrative commands.

 

To allow users in the wheel group to have that privilege without using a password, uncomment the following line instead:

 

%wheel ALL=(ALL) NOPASSWD: ALL

Save the changes to the /etc/sudoers file and exit the editor (in vi, type :wq).

 

 

 

Still as the root user, open the /etc/group file in any text editor and add the users you want to have root privileges to the wheel line. For example, if you were to add the users sathish and arthar to the wheel group, the line would appear as follows:

 

wheel:x:10:root,sathish,arthar

 

 

At this point, the users sathish and arthar can run the sudo command to run commands, or parts of commands, that are normally restricted to the root user. The following is an example of a session by the user arthar after he has been assigned sudo privileges:

 

 

 

[arthar]$ sudo umount /mnt/win

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type.

Password: *********

[arthar]$ mount /mnt/win
mount: only root can mount /dev/sda1 on /mnt/win

[arthar]$ sudo mount /mnt/win
[arthar]$

 

In the preceding session, the user arthar runs the sudo command so he can unmount the /mnt/win file system (using the umount command). He is given a warning and asked to provide his password (this is arthar’s password, not the root password).

 

 

Notice that even after arthar has given the password, he must still use the sudo command to run the command as root (the first mount fails, but the second succeeds). Notice that he was not prompted for a password for the second sudo. That’s because after entering his password successfully he can enter as many sudo commands as he wants for the next five minutes without having to enter it again. (You can change the timeout value from five minutes to however long you want by setting the timestamp_timeout value in the /etc/sudoers file.)
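
To review the result of the configuration described above, the following shell script (an added example, not part of the original article) lists the accounts that an active %wheel rule gives full root privileges to and whether sudo asks them for a password. The function names and the sample files are constructed for illustration; it assumes only %wheel rules whose command list is ALL matter and reads only the member list in the group file.

```shell
#!/bin/sh
# Added example: audit who gets full root through the %wheel rule.

# Print "password", "nopasswd" or "none" for the sudoers file in $1.
wheel_rule_mode() {
    awk '
        /^[ \t]*#/ { next }                # still commented out: inactive
        $1 == "%wheel" && ($NF == "ALL" || $NF ~ /:ALL$/) {
            # sudo applies the last matching entry, so later lines override
            mode = ($0 ~ /NOPASSWD:/) ? "nopasswd" : "password"
        }
        END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# Print the members listed on the wheel line of group file $1, one per line.
# Assumption: accounts whose primary group is wheel are not covered here.
wheel_members() {
    awk -F: '$1 == "wheel" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$1"
}

# audit_wheel SUDOERS GROUP -> one "<user> <mode>" line per privileged account.
audit_wheel() {
    mode=$(wheel_rule_mode "$1")
    if [ "$mode" = "none" ]; then
        return 0                           # no active rule, nobody to report
    fi
    wheel_members "$2" | while read -r user; do
        echo "$user $mode"
    done
}

# Constructed sample files; on a real host pass /etc/sudoers and /etc/group.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sudoers" <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
EOF
echo 'wheel:x:10:root,sathish,arthar' > "$demo_dir/group"
audit_wheel "$demo_dir/sudoers" "$demo_dir/group"
rm -rf "$demo_dir"
```

Reading the real /etc/sudoers requires root, and any account reported as nopasswd can run every command as root without re-entering a password.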