Using sudo is for assigning administrator privilege. One way to give full or limited root privileges to any ono-root user is to set up the sudo facility.
As the root user, edit the /etc/sudoers file by running the visudo command,
[root@localhost root]# visudo
ð This is that command will lock the /etc/sudoers file and do some basic sanity checking of the file to ensure it was edited correctly.
Uncomment the following line to allow users in the group named wheel to have full root privileges on the computer.
%wheel ALL=(ALL) ALL
ð The previous line causes the user to be prompted for a password to be allow to use administrative commands. Without using a password, uncomment the following line as,
%wheel ALL=(ALL) NOPASSWD:ALL
Save the changes to the /etc/sudoers file (in vi type zz). Now add a user jake in the group wheel. The following is an example of a session by the user jake after he has been assigned sudo privileges.
[root@localhost jake]# sudo umount /mnt/win
We trust you have recived the usal lecture from the local system administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password: ******
ð The user jake runs the sudo command so he can unmount the /mnt/win file system. He is given a warning and asked to provide his password (this is jake's password, not root's password).
[root@localhost jake]# mount /mnt/win
mount: only root can mount /dev/hda1 on /mnt/win
ð Without using sudo, user jake can not mount. So he must use sudo command before mount, such as,
[root@localhost jake]# sudo mount /mnt/win
[root@localhost jake]#
ð Notice that jake was not prompted for a password for the second sudo. That's because after entering his password successfully he can enter as many sudo commands as he wants for the next five minutes without having to enter it again. We can change the timeout value from five minutes to however long we want by setting the passwd_timeout value in the /etc/sudoers file.
However, the /etc/sudoers file gives us an incredible amount of flexibility in permitting individual applications or groups of applications.
