Linux SUDO
Getting your Trinity Audio player ready...

Linux SUDO Management

Let`s discuss privilege user management in linux in detail. All unix linux admins must be familiar with vi editor. We always recommend not to use vi directly to edit sudoers file. We should be using visudo always while granting privilege access to any user mostly pronounced as SUDO. That is exactly abbreviation of super user do i.e., what super user can do in other terms privilege for a user to perform role of super user.

This is very sensitive file and must be taken very seriously as whole organization including individuals or service ID using this in case of centralized sudoers management environment.

Step by Step Guide for Privilege User Management in Linux

Perform Syntax Inconsistency Check

If you have no inconsistencies in sudoers file, you will get “parsed OK” else you will get “parse error “. Please see below output.

# visudo -cf /etc/sudoers
/etc/opt/sudo/sudoers file "parsed OK"
# visudo -cf /etc/sudoers
>>> sudoers file: syntax error, line 2815 <<<
"parse error" in /etc/sudoers near line 2815

Take a backup of sudoers file before edit.

# cp -p /etc/sudoers /etc/sudoers.YYMMDD_ID

Edit sudoers

Always use visudo to edit sudoers. Please try avoiding force saving. visudo will pick sudoers file to edit.


Perform Syntax Inconsistency Check

Use step 1 and it must be parsed OK state after change as well.

Restore From Backup

If needed restore immediately from backup taken in step 2 only if needed or validation fails in step 4.

How To Validate SUDO Access For You On Any Linux Server

$ sudo -l
Passwd:<Enter Your Password>
Output is truncated for clarity.
User ramesh may run the following commands.
on lnxsrv01:(ALL) ALL

How To Validate SUDO Access For Anyone Else On Any Linux Server

# sudo -l -U prasad
Passwd:<Enter Your Password>
Matching Defaults entries for prasad on lnxsrv01:
User prasad may run the following commands on lnxsrv01:
(root) /bin/su - oracle


That`s all about Privilege User Management in Linux .Above details will be sufficient for efficient privilege access management. For more details you can visit how to add a user to sudoers in linux.