Sudo file explained

In the following sudo entry:


superadm  ALL=(ALL)   ALL

there are four fields:

  • The first one specifies a user that will be granted privileges for some command(s).
  • The second one is rarely used. It’s a list of hostnames on which this sudo entry will be effective. On standard setups only one host is relevant (localhost), so this field is usually left as ALL.

  • The fourth field is the list of commands superadm will be able to run with elevated privileges. ALL means all commands. Otherwise use a comma-separated list of commands.

  • The third field (the one written (…), which is optional) specifies which users (and groups) the superadm user will be able to run the following commands as. ALL means they can choose anything (unrestricted). If this field is omitted, it means the same as (root).

Example:


alan   ALL = (root, bin : operator, system) /bin/ls, /bin/kill

Here, alan is allowed to run the two commands /bin/ls and /bin/kill as root (or bin), possibly with additional operator or system group privileges.

So alan may choose to run ls as the bin user and with operator’s group privileges like this:


sudo -u bin -g operator /bin/ls /whatever/directory

If -u is omitted, it’s the same as -u root. If -g is omitted, no additional group privileges are granted.
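
The four fields can be checked mechanically when reviewing a sudoers file. The sketch below is an added example, not part of sudo or of the original page: it parses only the simple entry form shown above (no aliases, no tags, no commands listed with arguments) and tests whether a given sudo -u / -g invocation would match. The names parse_entry, allowed and is_unrestricted are hypothetical.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    user: str
    hosts: list
    runas_users: list
    runas_groups: list
    commands: list

# user  hosts = [(runas_users[: runas_groups])]  command[, command...]
_ENTRY = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def _split(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse_entry(line):
    """Split one simple sudoers entry into the four fields described above."""
    m = _ENTRY.match(line.strip())
    if not m:
        raise ValueError(f"not a simple sudoers entry: {line!r}")
    user, hosts, runas, cmds = m.groups()
    if runas is None:
        users, groups = ["root"], []          # omitted third field == (root)
    else:
        u, _, g = runas.partition(":")        # users before ':', groups after
        users, groups = _split(u), _split(g)
    return Entry(user, _split(hosts), users, groups, _split(cmds))

def allowed(entry, command, run_as="root", group=None):
    """Would `sudo [-u run_as] [-g group] command` match this entry?"""
    path = command.split()[0]                 # a bare path permits any arguments
    cmd_ok = "ALL" in entry.commands or path in entry.commands
    user_ok = "ALL" in entry.runas_users or run_as in entry.runas_users
    group_ok = (group is None or "ALL" in entry.runas_groups
                or group in entry.runas_groups)
    return cmd_ok and user_ok and group_ok

def is_unrestricted(entry):
    """Flag entries that amount to full root: every command, as root or anyone."""
    return "ALL" in entry.commands and bool({"ALL", "root"} & set(entry.runas_users))

# The two entries from the text above.
SUPERADM = parse_entry("superadm  ALL=(ALL)   ALL")
ALAN = parse_entry("alan   ALL = (root, bin : operator, system) /bin/ls, /bin/kill")

if __name__ == "__main__":
    for e in (SUPERADM, ALAN):
        print(e.user, "-> unrestricted" if is_unrestricted(e) else "-> limited", e)
    print(allowed(ALAN, "/bin/ls /whatever/directory", run_as="bin", group="operator"))
    print(allowed(ALAN, "/bin/cat /etc/shadow"))
```
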