From bb57c01fbbd35d6f745adb4003ed73bca354a844 Mon Sep 17 00:00:00 2001 From: Misha Husnain Ali Date: Thu, 14 Dec 2017 09:59:29 +0530 Subject: [PATCH] Add new file --- ...pt-using-sudo-assign-admin-privileges.adoc | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 en-US/modules/concept-using-sudo-assign-admin-privileges.adoc diff --git a/en-US/modules/concept-using-sudo-assign-admin-privileges.adoc b/en-US/modules/concept-using-sudo-assign-admin-privileges.adoc new file mode 100644 index 0000000..f2d48e3 --- /dev/null +++ b/en-US/modules/concept-using-sudo-assign-admin-privileges.adoc @@ -0,0 +1,24 @@ +[id="concept-using-sudo-assign-admin-privileges"] += Using sudo to assign administrator privileges + +Add users to the [directory]`/etc/sudoers` configuration file to allow them to use the [command]`sudo` command. For these users, the [command]`sudo` command is run in the user’s shell instead of in a root shell. As a result, the root shell can be disabled for increased security. + +The administrator can also allow different users access to specific commands using the sudo configuration. Administrators must use the [command]`visudo` command to edit the [directory]`/etc/sudoers` configuration file. + +To assign full administrative privileges to a user, type [command]`visudo` and add the following line to the user privilege section after replacing _USERNAME_ with the target user name: + +---- +USERNAME ALL=(ALL) ALL +---- + +This line allows the specified user to use [command]`sudo` from any host and execute any command. + +To allow a user access to specific commands, use the following example after replacing USERS with a target system group: + +---- +%USERS localhost=/usr/sbin/shutdown -h now +---- + +This command allows all members of the _USERS_ system group to issue the [command]`/sbin/shutdown -h` as long as the command is issued from the console. + +The man page for [command]`sudoers` has a detailed listing of options for this file.