Search notes:
/etc/sudoers
The
sudoers file. It specifies who can run what with
sudo.
The file has two types of entries:
- aliases (sort of variables)
- user specifications (who may run what)
This file should be edited with
visudo because
visudo checks for parsing errors and provides a basic syntax check.
Allow a named user to use sudo
Allow a specifically named user (here: fred) to use sudo:
fred ALL=(ALL) ALL
Allow users in sudo group
Allow all
users that are in the
sudo group to use sudo:
%sudo ALL=(ALL) ALL
$ usermod -a -G sudo fred
Don't ask for passwords
Don't ask for password if a given executable (here:
xxd) is invoked:
rene ALL=(ALL) NOPASSWD: /usr/bin/xxd
Never ask for any password:
rene ALL=(ALL) NOPASSWD:ALL
Using aliases
User_Alias ADMIN = jane
ADMIN ALL = NOPASSWD: ALL
umask
Apparently, sudo uses the
umask in effect when a sudo command is executed.
With Defaults umask_override and umask, the umsask can be changed for the command that is executed with sudo.
Defaults umask_override
Defaults umask=0022
Set period to keep password
Keep the password for 60 minutes:
Defaults timestamp_timeout=60
Don't store any password:
Defaults timestamp_timeout=0