Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Ubuntu Server Cookbook

You're reading from   Ubuntu Server Cookbook Arm yourself to make the most of the versatile, powerful Ubuntu Server with over 100 hands-on recipes

Arrow left icon
Product type Paperback
Published in Jun 2016
Publisher Packt
ISBN-13 9781785883064
Length 456 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Uday Sawant Uday Sawant
Author Profile Icon Uday Sawant
Uday Sawant
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Managing Users and Groups 2. Networking FREE CHAPTER 3. Working with Web Servers 4. Working with Mail Servers 5. Handling Databases 6. Network Storage 7. Cloud Computing 8. Working with Containers 9. Streaming with Ampache 10. Communication Server with XMPP 11. Git Hosting 12. Collaboration Tools 13. Performance Monitoring 14. Centralized Authentication Service Index

Getting root privileges with sudo

When you create a new Ubuntu server in the cloud, by default you get the root account. This account has full system access with no restrictions at all and should only be used for administrative tasks. You can always create a new user account with fewer privileges. But there are times when you need extra root privileges to add a new user or change some system setting. You can use the sudo command to temporarily get extra privileges for a single command. In this recipe, you will see how to grant sudo privileges to a newly created user.

Getting ready

You will need a root account or an account with root privileges.

How to do it...

Follow these steps to get the root privileges with sudo:

  1. Add new user if required:
    $sudo adduser john
    
  2. Make john a member of sudo group with the following command:
    $sudo adduser username sudo
    

How it works…

All sudo access rules are configured in a file located at /etc/sudoers. This file contains a list of users and groups that are allowed to use the sudo command:

alan ALL=(ALL:ALL)ALL // allow sudo access to user alan
%sudo  ALL=(ALL)  ALL // allow sudo access to members of sudo

The line alan ALL=(ALL:ALL) ALL specifies that the user alan can run any command as any user and optionally set any group (taken from man pages for sudoers: man sudoers).

The entry %sudo ALL=(ALL) ALL specifies that any member of system group sudo can run any command as any user.

All we have to do is add a new user to the group sudo and that user will automatically get sudo privileges. After getting the membership of the sudo group, user needs to log out and log back in for the changes to take effect. Basically, the user shell needs to be restarted with new privileges. Optionally, you can always go and change the sudoers file for a specific condition.

Note

Make sure that you use the visudo tool to make any changes to sudoers file.

There's more…

Here, we will discuss how to set a password-less sudo and some additional benefits of sudo.

Setting password less sudo

sudo is a useful and handy tool for temporary root privileges, but you need to enter your password every time. This creates problems especially for users with no password set. This problem can be solved by setting the NOPASSWD flag in the sudoers file. Make sure you use the visudo tool to edit the sudoers file:

  1. Open the sudoers file with the visudo command:
    $sudo visudo
    
  2. Select the line for user or group you want to allow password-less sudo access.
  3. Add NOPASSWD after closing the bracket:
    %sudo   ALL=(ALL:ALL) NOPASSWD: ALL
    
  4. Press Ctrl + O and then confirm with the Enter key to save the changes.
  5. Press Ctrl + X to exit visudo.

Now, the users of the group sudo should be able to use the sudo command without providing a password. Alternatively, you can add a separate entry to limit password-less access to a specific user.

Note that the sudoers program performs cache authentication for a small time (default is 15 minutes). When repeated within timeout, you may notice password-less sudo without setting the NOPASSWD flag.

Other uses of sudo

In addition to running a single command with sudo, you might want to execute a list of commands with the sudo privileges. Then, you can open a shell with root access (# prompt) with the command $sudo -s. The shell environment remains same as original user, but now you can execute commands as a root user.

Alternatively, you can switch user to root with the command $sudo su -. This command will open a new shell as a root user.

See also

  • Check manual pages for sudo with $man sudo
  • For more details on adduser, check the Creating user account recipe
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image