What is the syntax of the sudoers policy file and how to troubleshoot sudo


Take note of the following important points from man sudoers:


     The sudoers file is composed of two types of entries: aliases (basically variables) and user specifications (which specify who may run what).

     When multiple entries match for a user, they are applied in order.  Where there are multiple matches, the last match is used (which is not necessarily the most specific match).


Syntax of the policy

User_Alias Host_Alias=(Runas_Alias) Command_Alias

In simple English:

Who where=(as_whom) what

User_Alias : Determines which user the policy applies to
Runas_Alias : Determines the user and/or group that a command may be run as
Host_Alias : The hostname that the policy applies to
Command_Alias : A list of commands or aliases of commands; it may be prefixed by the tag NOPASSWD:, which modifies its password requirement behaviour


e.g. 1
user1 ALL=(ALL) ALL

User_Alias = user1
Host_Alias = ALL
Runas_Alias = ALL
Command_Alias = ALL


e.g. 2
ray  rushmore = NOPASSWD: /bin/kill, /bin/ls

Allows user ray to run /bin/kill or /bin/ls with root privileges on the machine rushmore without authenticating himself.
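
The "last match is used" rule quoted from man sudoers is a common reason a NOPASSWD: entry seems to be ignored. The following is an added example, not part of the original page and not sudo's own code: a simplified Python model of the `who where=(as_whom) what` lines that shows how a later, broader entry overrides an earlier NOPASSWD: one. It assumes plain user and host names or ALL, with no aliases, groups, negation or command arguments; the names `parse`, `check` and `SAMPLE_POLICY` are hypothetical.

```python
import re

# Constructed sample policy (not from a real system); entry order matters.
SAMPLE_POLICY = """\
ray   rushmore = NOPASSWD: /bin/kill, /bin/ls
ray   ALL = (ALL) ALL
user1 ALL=(ALL) ALL
"""

# who where=(as_whom) what   -- the (as_whom) part is optional
SPEC = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD):\s*(.*)$")


def parse(policy):
    """Parse user specification lines into a list of rule dicts."""
    rules = []
    for line in policy.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SPEC.match(line)
        if not m:
            raise ValueError(f"unsupported line: {line!r}")
        who, where, runas, what = m.groups()
        # Without an explicit (as_whom), commands run as root.
        runas_users = [u.strip() for u in (runas or "root").split(":")[0].split(",")]
        nopasswd, cmds = False, []
        for item in what.split(","):
            tag = TAG.match(item.strip())
            if tag:  # a tag stays in effect for the commands after it
                nopasswd, item = tag.group(1) == "NOPASSWD", tag.group(2)
            cmds.append((item.strip(), nopasswd))
        rules.append({"who": who, "where": where, "runas": runas_users, "cmds": cmds})
    return rules


def check(rules, user, host, command, runas="root"):
    """Return (allowed, needs_password), decided by the LAST matching entry."""
    result = (False, None)
    for r in rules:
        if r["who"] not in (user, "ALL") or r["where"] not in (host, "ALL"):
            continue
        if not {runas, "ALL"} & set(r["runas"]):
            continue
        for cmd, nopasswd in r["cmds"]:
            if cmd in (command, "ALL"):
                result = (True, not nopasswd)  # a later match overwrites an earlier one
    return result
```

With the sample order, `check(parse(SAMPLE_POLICY), "ray", "rushmore", "/bin/kill")` still requires a password, because the broader `ray ALL = (ALL) ALL` line comes last; moving the NOPASSWD: line below it restores the passwordless behaviour. On a real system, `sudo -l -U ray` lists the entries sudo actually matched.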