Rate This Document
Findability
Accuracy
Completeness
Readability

Ensure That Regular Users Run Privileged Programs Using sudo

The sudo command allows regular users to execute specific programs with root privileges. Since most system administration commands require root privileges, system administrators can delegate certain permissions to other users to reduce their own administrative burden. Compared to sharing the root password directly with regular users, leveraging sudo significantly lowers security risks. Performing privileged operations via sudo eliminates the hazards of direct root login, while enhancing overall system security and operational controllability.

  1. Check whether any regular users have been granted sudo privileges in the /etc/sudoers file:
    grep "(root)" /etc/sudoers 

    The following is an example. /bin/ping specifies a program that can be executed using sudo. You can configure actual allowed programs based on your service scenarios.

    test_sudo  ALL=(root)  /bin/ping
  2. Modify the /etc/sudoers configuration file to grant permissions to a user who needs to run a program requiring root privileges.
    1. Open the /etc/sudoers configuration file.
      vim /etc/sudoers
    2. Press i to enter the insert mode and configure the following fields:
      test_sudo  ALL=(root)  /bin/ping
      • test_sudo indicates the user account. In practice, you can also specify a user group, allowing all members of that group to use sudo under the same rule.
      • ALL indicates that the rule applies to any host name.
      • root indicates that the user or user group specified in the first field can switch to root to execute a program requiring root privileges.
      • /bin/ping specifies privileged programs. Multiple programs must be separated by commas (,).
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.