Sudo on CentOS

Q Why does CentOS say that my account 'is not on the sudoers list'? I've tried looking in the account settings, but to no avail.

A CentOS doesn't use sudo by default. Unlike Ubuntu, where the first user set up in the installer has rights to run anything with sudo, CentOS gives no such rights to anybody. By default, the only way to run programs with root privileges is to log in as root, by running su in a terminal. If you want to enable sudo for you or others, you'll need to edit the sudoers list, using the command visudo. This uses the editor defined in $EDITOR or, if that's not set, Vi. This method checks the syntax before committing it to the real file, which avoids you locking yourself out with a typing error. Run it with

su -
visudo

or

EDITOR="emacs" visudo

and add this line to the end of the file

youruser ALL=(ALL) ALL

to enable a user to run any commands. You can also specify a list of commands like this:

otheruser ALL= /sbin/mount, /sbin/umount

Permission can be granted to all members of a group, and you can restrict the arguments given to commands as well, as in this, disabled, example from the default CentOS sudoers file

%users ALL=/sbin/mount /cdrom,/sbin/ umount /cdrom

which lets any user mount or unmount the CD. You can remove password protection like so

%users ALL=NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom

but be careful what you allow with this. Sudo is generally considered a better way of controlling access to system commands, because you have fine control over what each user can do, and because no one else needs to know the root password.

Follow us on Identi.ca or Twitter

Username:   Password:
Create Account | About TuxRadar