quick-docs/modules/ROOT/partialsdelete/2delete-con_using-sudo-assign-admin-privileges.adoc

[id="con_using-sudo-assign-admin-privileges"]
= Using sudo to assign administrator privileges

Add users to the [directory]`/etc/sudoers` configuration file to allow them to use the [command]`sudo` command. For these users, the [command]`sudo` command is run in the user’s shell instead of in a root shell. As a result, the root shell can be disabled for increased security.

The administrator can also allow different users access to specific commands using the sudo configuration. Administrators must use the [command]`visudo` command to edit the [directory]`/etc/sudoers` configuration file. 

To assign full administrative privileges to a user, type [command]`visudo` and add the following line to the user privilege section after replacing `_USERNAME_` with the target user name:

[subs=quotes]
----
_USERNAME_ ALL=(ALL) ALL
----

This line allows the specified user to use [command]`sudo` from any host and execute any command.

To allow a user access to specific commands, use the following example after replacing `_USERS_` with a target system group:

[subs=quotes]
----
_%USERS_ localhost=/usr/sbin/shutdown -h now
----

This command allows all members of the `_USERS_` system group to issue the [command]`/sbin/shutdown -h` as long as the command is issued from the console.

The man page for [command]`sudoers` has a detailed listing of options for this file.
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								[id="con_using-sudo-assign-admin-privileges"]
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
+								= Using sudo to assign administrator privileges
 								Add users to the [directory]`/etc/sudoers` configuration file to allow them to use the [command]`sudo` command. For these users, the [command]`sudo` command is run in the user’s shell instead of in a root shell. As a result, the root shell can be disabled for increased security.
 								The administrator can also allow different users access to specific commands using the sudo configuration. Administrators must use the [command]`visudo` command to edit the [directory]`/etc/sudoers` configuration file.
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								To assign full administrative privileges to a user, type [command]`visudo` and add the following line to the user privilege section after replacing `_USERNAME_` with the target user name:
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								[subs=quotes]
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
+								----
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								_USERNAME_ ALL=(ALL) ALL
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
+								----
 								This line allows the specified user to use [command]`sudo` from any host and execute any command.
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								To allow a user access to specific commands, use the following example after replacing `_USERS_` with a target system group:
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								[subs=quotes]
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
+								----
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								_%USERS_ localhost=/usr/sbin/shutdown -h now
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
+								----
-												Fixed the 'sudo' topic.

											
										
										
											2018-01-03 16:15:39 +00:00
+								This command allows all members of the `_USERS_` system group to issue the [command]`/sbin/shutdown -h` as long as the command is issued from the console.
-												Add new file
											
										
										
											2017-12-14 04:29:29 +00:00
 								The man page for [command]`sudoers` has a detailed listing of options for this file.