{"id":16337,"date":"2019-04-04T10:37:47","date_gmt":"2019-04-04T10:37:47","guid":{"rendered":"https:\/\/www.hostinger.com\/tutorials\/?p=16337"},"modified":"2025-04-28T08:00:10","modified_gmt":"2025-04-28T08:00:10","slug":"sudo-and-the-sudoers-file","status":"publish","type":"post","link":"\/tutorials\/sudo-and-the-sudoers-file\/","title":{"rendered":"How to edit the sudoers file to obtain and manage root privileges"},"content":{"rendered":"<p>The <strong>sudoers<\/strong> file is a critical configuration file in Linux and Unix-like operating systems that controls user privileges. It defines who can execute commands as the <strong>superuser<\/strong>, providing a secure way to manage administrative rights.<\/p><p>System administrators can configure the <strong>sudoers<\/strong> file to let specific users or groups run commands with elevated privileges, but improper changes can lead to serious security risks or system malfunctions.<\/p><p>In this article, you&rsquo;ll learn how to edit the <strong>sudoers<\/strong> file and manage user privileges safely.<\/p><p>\n\n\n\n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-prerequisites\">Prerequisites<\/h2><p>Before editing the <strong>sudoers<\/strong> file, ensure you have the right tools and access. Below are the essential prerequisites:<\/p><ul class=\"wp-block-list\">\n<li><strong>Linux<\/strong>. The <strong>sudo<\/strong> command and the <strong>sudoers <\/strong>file are used to manage Linux-based systems, such as a <a href=\"\/tutorials\/what-is-vps-hosting\/\">virtual private server (VPS)<\/a>. If you don&rsquo;t have one, consider <a href=\"\/vps-hosting\">getting a VPS plan from Hostinger<\/a>. This way, you can test configurations remotely with administrative permissions.<\/li>\n\n\n\n<li><strong>SSH access<\/strong>. If you work on a VPS, you need <a href=\"\/tutorials\/ssh-tutorial-how-does-ssh-work\/\">Secure Shell (SSH)<\/a> access to securely connect and manage the system.<\/li>\n\n\n\n<li><strong>Command-line operations<\/strong>. You will need to use the command-line interface (CLI) to configure the <strong>sudoers<\/strong> file. Ensure you understand <a href=\"\/tutorials\/linux-commands\/\">basic Linux commands<\/a> and navigation to avoid mistakes and keep operations smooth.<\/li>\n\n\n\n<li><strong>visudo command<\/strong>. Using <strong>visudo<\/strong> is the safest way to edit the <strong>sudoers<\/strong> file. It typically comes pre-installed on most <a href=\"\/tutorials\/best-linux-distro\/\">Linux distributions<\/a>. If <strong>visudo <\/strong>is not available, you can install it with:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo apt install sudo &nbsp; # Debian or Ubuntu<\/pre><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo dnf install sudo &nbsp; # CentOS, Fedora, or Rocky Linux<\/pre><figure class=\"wp-block-image size-large\"><a class=\"hgr-tutorials-cta hgr-tutorials-cta-vps-hosting\" href=\"\/vps-hosting\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" width=\"1024\" height=\"300\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=1024,h=1024,fit=scale-down\" alt=\"\" class=\"wp-image-77934\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=768,fit=scale-down 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure><h2 class=\"wp-block-heading\" id=\"h-understanding-the-sudoers-file\">Understanding the sudoers file<\/h2><p>To safely modify user privileges on a Linux system, you must understand how the <strong>sudoers<\/strong> file works.<\/p><p>This file is located at <strong>\/etc\/sudoers<\/strong> and is used by the system to control which users and groups have <strong>sudo<\/strong> privileges. It specifies who can execute commands as certain users, along with any restrictions and security policies that apply.<\/p><p>The <strong>sudoers<\/strong> file is structured with a specific syntax that must be strictly followed. Here&rsquo;s what a typical rule looks like:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[user] [host] = ([runas_user]) [commands]<\/pre><ul class=\"wp-block-list\">\n<li><strong>[user]<\/strong>. The user or group to which the rule applies.<\/li>\n\n\n\n<li><strong>[host]<\/strong>. The host on which the command can be run &ndash; usually set to <strong>ALL<\/strong>.<\/li>\n\n\n\n<li><strong>([runas_user])<\/strong>. The user as whom the command can be run &ndash; often set to <strong>ALL<\/strong>.<\/li>\n\n\n\n<li><strong>[commands]<\/strong>. The specific commands that the user is allowed to execute.<\/li>\n<\/ul><p>For instance, <strong>john ALL=(ALL:ALL) ALL<\/strong> allows the user <strong>john<\/strong> to execute any command as any user on any host.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-edit-the-sudoers-file\">How to edit the sudoers file<\/h2><p>This section will explain how to edit the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>. To start, open your terminal or an <a href=\"\/tutorials\/how-to-use-putty-ssh\/\">SSH client application like PuTTY<\/a>. Hostinger VPS customers can also access their server using our built-in <strong>Browser terminal<\/strong> feature. <\/p><p>To do so, simply open your Hostinger account and go to <strong>VPS &rarr; Manage<\/strong>. Then, click <strong>Browser terminal <\/strong>on the top right corner, and you will log in to your server automatically. <\/p><div class=\"wp-block-image\">\n<figure data-wp-context='{\"imageId\":\"6a592a6189080\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a592a6189080\" class=\"aligncenter size-full wp-lightbox-container\"><img decoding=\"async\" width=\"1460\" height=\"535\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/public\" alt=\"The Browser terminal button on hPanel\" class=\"wp-image-125795\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=1460,fit=scale-down 1460w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2019\/04\/browser-terminal-button-on-hpenel.png\/w=768,fit=scale-down 768w\" sizes=\"(max-width: 1460px) 100vw, 1460px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div><p>That&rsquo;s it! Now, you can start running commands on your VPS. <\/p><h3 class=\"wp-block-heading\" id=\"h-using-visudo\">Using visudo<\/h3><p>As previously explained, <strong>visudo<\/strong> is the safest and most recommended method for editing <strong>sudoers<\/strong> files in Linux. <strong>visudo<\/strong> locks the file while you edit it, preventing others from making changes and causing conflicts.<\/p><p>Additionally, <strong>visudo<\/strong> provides a safer environment by checking for possible syntax errors before saving changes, minimizing the risk of losing <strong>sudo<\/strong> access entirely or locking yourself out of the system.<\/p><p>Follow these steps to open and navigate the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>:<\/p><ol class=\"wp-block-list\">\n<li>Switch to the <strong>root<\/strong> user and run <strong>visudo<\/strong> with these commands:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo -i\n\nvisudo<\/pre><p>If you don&rsquo;t want to switch to <strong>root<\/strong>, run the command with <strong>sudo<\/strong> permissions:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo visudo<\/pre><p>The above commands will open the <strong>sudoers<\/strong> file with the default terminal editor, either <a href=\"\/tutorials\/how-to-install-and-use-nano-text-editor\/\">nano<\/a> or <strong>vim<\/strong>.<\/p><ol start=\"2\" class=\"wp-block-list\">\n<li>Use the arrow keys to navigate the file and make the necessary changes.<\/li>\n<\/ol><p>\n\n\n        <div class=\"protip\">\n            <div class=\"protip__heading\">\n                <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                    <path d=\"M1.49234 23.5024C1.23229 23.5024 0.972242 23.4024 0.782206 23.2123C0.562165 22.9923 0.452144 22.6822 0.502153 22.3722C0.562165 21.9221 1.14227 17.9113 3.00262 16.351C3.63274 15.8209 4.43289 15.5509 5.26305 15.5609C6.09321 15.5909 6.87335 15.9109 7.47347 16.4911C8.6937 17.6913 8.76371 19.6717 7.6435 20.9919C6.0832 22.8523 2.08245 23.4324 1.63237 23.4924C1.59236 23.4924 1.54235 23.4924 1.50234 23.4924L1.49234 23.5024ZM5.16303 17.5613C4.84297 17.5613 4.53291 17.6713 4.29287 17.8813C3.60274 18.4614 3.07264 19.9317 2.75258 21.242C4.06282 20.9219 5.5331 20.3918 6.11321 19.7017C6.55329 19.1716 6.54329 18.3814 6.0832 17.9213C5.85316 17.7013 5.5431 17.5713 5.20304 17.5613C5.19304 17.5613 5.17303 17.5613 5.16303 17.5613ZM11.7243 21.8821C11.4942 21.8821 11.2642 21.8021 11.0841 21.652C10.8541 21.462 10.7241 21.1819 10.7241 20.8819V15.9109L8.08358 13.2705H3.11264C2.81259 13.2705 2.53254 13.1404 2.3425 12.9104C2.15246 12.6803 2.07245 12.3803 2.12246 12.0902C2.19247 11.7102 2.84259 8.36953 4.70294 7.12929C6.33325 6.04909 8.96375 6.49918 10.244 6.80923C11.5442 4.96889 13.2546 3.4286 15.2349 2.33839C17.4553 1.11816 19.9858 0.518051 22.4963 0.498047C23.0464 0.498047 23.4865 0.948132 23.4865 1.49824C23.4865 5.0389 22.3763 9.97983 17.1753 13.7605C17.4853 15.0408 17.9354 17.6613 16.8552 19.2816C15.615 21.1419 12.2744 21.7921 11.8943 21.8621C11.8343 21.8721 11.7743 21.8821 11.7143 21.8821H11.7243ZM12.7245 16.181V19.6016C13.7146 19.2916 14.7948 18.7915 15.2049 18.1814C15.675 17.4812 15.605 16.091 15.385 14.9008C14.5248 15.3808 13.6346 15.8109 12.7245 16.181ZM9.66388 12.0302L11.9643 14.3307C13.1845 13.8306 14.3648 13.2204 15.485 12.5103C19.9358 9.51974 21.2361 5.60901 21.4561 2.53843C19.6157 2.67846 17.8254 3.20856 16.2051 4.09872C14.2847 5.14892 12.6544 6.68921 11.4942 8.54956C10.7841 9.65977 10.174 10.82 9.66388 12.0302ZM4.39289 11.2701H7.81353C8.1936 10.3599 8.63368 9.46974 9.11377 8.60957C7.92355 8.38953 6.51329 8.31952 5.81315 8.78961C5.19304 9.19968 4.70294 10.3099 4.39289 11.2701Z\" fill=\"#673DE6\"\/>\n                <\/svg>\n                <p class=\"protip__title\">\n                    Pro tip                <\/p>\n            <\/div>\n            <p class=\"protip__content\"> By default, <strong>visudo<\/strong> opens the <strong>sudoers<\/strong> file with the <strong>vim<\/strong> text editor. However, on Ubuntu, <strong>visudo<\/strong> is configured to use <strong>nano<\/strong> instead. <\/p>\n                    <\/div>\n        \n\n\n\n<\/p><h3 class=\"wp-block-heading\" id=\"h-adding-a-user-to-the-sudoers-file\">Adding a user to the sudoers file<\/h3><p>To grant users <strong>sudo<\/strong> privileges, add them to the <strong>sudoers<\/strong> file. This allows users to execute commands with elevated privileges, which is essential for performing Linux administrative tasks.<\/p><p>Here are the instructions:<\/p><ol class=\"wp-block-list\">\n<li>Open the <strong>sudoers<\/strong> file using the same <strong>sudo visudo<\/strong> command.<\/li>\n\n\n\n<li>Add the following line to grant a user named <strong>john<\/strong> full <strong>sudo<\/strong> permissions:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL:ALL) ALL<\/pre><ol start=\"3\" class=\"wp-block-list\">\n<li>You can also add multiple users to the <strong>sudoers<\/strong> file with different permissions tailored to their specific roles, one line per user. For example:<\/li>\n<\/ol><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL:ALL) ALL\n\nsteve ALL=(ALL) NOPASSWD: \/usr\/bin\/apt\n\nmary ALL=(ALL:ALL) \/usr\/sbin\/reboot<\/pre><ul class=\"wp-block-list\">\n<li>The first line grants <strong>john<\/strong> full <strong>sudo<\/strong> access, as explained before.<\/li>\n\n\n\n<li>The second one lets <strong>steve<\/strong> execute the <strong>apt<\/strong> command without being prompted for a password.<\/li>\n\n\n\n<li>The third line permits <strong>mary<\/strong> to reboot the system, but they can&rsquo;t perform any other <strong>sudo<\/strong> actions.<\/li>\n<\/ul><h3 class=\"wp-block-heading\" id=\"h-managing-group-permissions\">Managing group permissions<\/h3><p>Managing user permissions individually in the <strong>sudoers<\/strong> file can be time-consuming and prone to errors, especially when dealing with numerous users. A more efficient approach is to manage permissions using the <strong>sudo<\/strong> group.<\/p><p>It&rsquo;s a Linux system group providing all its members administrative access. By default, users in the <strong>sudo<\/strong> group can execute any command with <strong>superuser<\/strong> privileges without needing to edit the <strong>sudoers<\/strong> file for each one.<\/p><p>To add a user to the <strong>sudo<\/strong> group, use the <strong>usermod<\/strong> command with the <strong>-aG<\/strong> option. Here&rsquo;s how to add a user named <strong>john <\/strong>as an example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo usermod -aG sudo john<\/pre><p>After that, refresh the user&rsquo;s group membership to gain administrative privileges by logging out of the current session and then logging back in as the newly added user:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">logout\n\nssh john@your_vps_ip<\/pre><p>If logging out is not convenient, switch to the user&rsquo;s account with an updated session with the <strong>su<\/strong> command and enter the correct password:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">su - john<\/pre><h3 class=\"wp-block-heading\" id=\"h-understanding-common-configuration-options\">Understanding common configuration options<\/h3><p>The <strong>sudoers<\/strong> file offers several configuration options that provide flexibility when managing user and group privileges. Understanding these options helps you set clear and concise rules while reducing errors and conflicts.<\/p><p><strong>Defaults<\/strong><\/p><p>The <strong>Defaults<\/strong> option sets default environment variables and behaviors for <strong>sudo<\/strong> operations. These settings apply globally to all users or can be tailored to specific users or groups. For example, <strong>env_reset<\/strong> clears variables to prevent unauthorized access:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Defaults&nbsp; &nbsp; &nbsp; &nbsp; env_reset<\/pre><p><strong>Cmnd_Alias<\/strong><\/p><p><strong>Cmnd_Alias<\/strong> creates aliases for groups of commands. These are variables that represent multiple commands or paths. For instance, <strong>NETWORK_CMDS<\/strong> groups network-related commands, while <strong>ADMIN_CMDS<\/strong> groups administrative commands:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Cmnd_Alias NETWORK_CMDS = \/sbin\/ifconfig, \/sbin\/ip, \/usr\/sbin\/traceroute\n\nCmnd_Alias ADMIN_CMDS = \/usr\/sbin\/useradd, \/usr\/sbin\/userdel, \/usr\/sbin\/visudo<\/pre><p><strong>Host_Alias<\/strong><\/p><p>This option lists the hosts or systems that can run specified commands. It helps when managing permissions across multiple entries for different hosts. Here&rsquo;s an example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Host_Alias FILE_SERVERS = server1, server2, server3<\/pre><p><strong>User_Alias<\/strong><\/p><p><strong>User_Alias<\/strong> groups multiple users into one alias so you can assign the same privileges to all users in a specific group. In this example, <strong>john<\/strong>, <strong>mary<\/strong>, and <strong>admin<\/strong> are grouped under the alias <strong>ADMINS<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">User_Alias ADMINS = john, mary, admin<\/pre><p><strong>Runas_Alias<\/strong><\/p><p>It specifies which users or groups can be impersonated when running commands. For instance, users can run commands as <strong>root<\/strong> or <strong>operator<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Runas_Alias OP = root, operator<\/pre><p>Here are some practical examples you can follow:<\/p><ul class=\"wp-block-list\">\n<li><strong>Grant specific commands to a group of users<\/strong>. The <strong>ADMINS<\/strong> alias, which includes <strong>john<\/strong> and <strong>mary<\/strong>, can run the commands in <strong>STORAGE_CMDS<\/strong> on all hosts.<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">User_Alias ADMINS = john, mary\n\nCmnd_Alias STORAGE_CMDS = \/bin\/mount, \/bin\/umount\n\nADMINS ALL=(ALL) STORAGE_CMDS<\/pre><ul class=\"wp-block-list\">\n<li><strong>Set up permissions with timeouts<\/strong>. Users running commands under the <strong>NETWORKING<\/strong> alias must re-authenticate after <strong>2<\/strong> minutes.<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Cmnd_Alias NETWORKING = \/sbin\/ifconfig, \/sbin\/ip\n\nDefaults!NETWORKING timestamp_timeout=2<\/pre><ul class=\"wp-block-list\">\n<li><strong>Avoid conflicting values<\/strong>. When creating multiple entries, ensure they don&rsquo;t have clashing values. The example below will conflict, as one requires a password for all commands, while <strong>apt<\/strong> doesn&rsquo;t.&nbsp;<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">john ALL=(ALL) NOPASSWD: \/usr\/bin\/apt\n\njohn ALL=(ALL) PASSWD: ALL<\/pre><h3 class=\"wp-block-heading\" id=\"h-saving-changes\">Saving changes<\/h3><p>After editing the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>, save your changes correctly to ensure they are applied without errors. If you use <strong>nano<\/strong>, press <strong>Ctrl + X &rarr; Y &rarr; Enter<\/strong>. For <strong>vim<\/strong> users, press <strong>Esc<\/strong> to switch to command mode. Then, type <strong>:wq<\/strong> and hit <strong>Enter<\/strong>.<\/p><p>If <strong>visudo<\/strong> detects any syntax errors in the file, it will display a warning message and prompt you to correct them before exiting. Make sure to address any mistakes accordingly.<\/p><p><strong>Testing changes<\/strong><\/p><p>Once you save your changes, test them manually to confirm that the new <strong>sudo<\/strong> configurations work as expected. Make sure to switch to the user whose privileges or configurations you want to verify beforehand:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">su - [username]<\/pre><ul class=\"wp-block-list\">\n<li><strong>Check if the user has the intended privileges<\/strong>. When you add a user to the <strong>sudo<\/strong> group or specify a command alias, run the following command to verify:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo whoami<\/pre><p>If the user has <strong>sudo<\/strong> privileges, the output should be <strong>root<\/strong>.<\/p><ul class=\"wp-block-list\">\n<li><strong>Test user-specific commands<\/strong>. To confirm that a user alias or specific privileges are configured correctly, use a specific match test:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo -l<\/pre><p>This command lists the <strong>sudo<\/strong> privileges available to the user.<\/p><ul class=\"wp-block-list\">\n<li><strong>Check group permissions<\/strong>. After adding users to the <strong>sudo<\/strong> or other admin groups, ensure they have the correct permissions by running a privileged command:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo ls \/root<\/pre><p>Confirm whether the command runs successfully.<\/p><ul class=\"wp-block-list\">\n<li><strong>Verify alias definitions<\/strong>. First, open the <strong>sudoers<\/strong> file to see how the alias is defined. Then, run a command within that alias. For example, if you set <strong>\/sbin\/ifconfig<\/strong> within <strong>NETWORKING<\/strong>, execute:<\/li>\n<\/ul><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo \/sbin\/ifconfig<\/pre><h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2><p>Editing the <strong>sudoers<\/strong> file is a powerful way to manage user privileges on a Linux system. However, it requires careful handling to avoid errors that may lead to security risks or loss of access.<\/p><p>In this article, you&rsquo;ve learned how to safely edit the <strong>sudoers<\/strong> file using <strong>visudo<\/strong>, add users with specific privileges, manage group permissions, and understand common configuration options like <strong>Defaults<\/strong> and aliases.<\/p><p>Remember to always double-check your configurations and test them with commands such as <strong>sudo whoami<\/strong>, <strong>sudo -l<\/strong>, and <strong>sudo ls \/root<\/strong> to ensure they work as expected and maintain a stable system for all users.<\/p><h2 class=\"wp-block-heading\" id=\"h-sudoers-file-faq\">Sudoers file FAQ<\/h2><div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1726156477192\"><h3 class=\"schema-faq-question\">What is the purpose of the sudoers file?<\/h3> <p class=\"schema-faq-answer\">The sudoers file controls user permissions for executing commands as root or another user. It defines who can use <strong>sudo<\/strong> and under what conditions, enhancing security by managing administrative access.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156481745\"><h3 class=\"schema-faq-question\">Where is the sudoers file located?<\/h3> <p class=\"schema-faq-answer\">The sudoers file is located at <strong>\/etc\/sudoers<\/strong> on most Linux systems. It&rsquo;s a system-wide file that should not be moved or renamed. For more granular control, add specific configuration files in the <strong>\/etc\/sudoers.d<\/strong> directory, which <strong>sudo<\/strong> reads as main file extensions.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156487212\"><h3 class=\"schema-faq-question\">How do I open and edit the sudoers file?<\/h3> <p class=\"schema-faq-answer\">Use the <strong>visudo<\/strong> command to open and edit the <strong>sudoers<\/strong> file safely. It provides a secure editing environment by preventing multiple users from editing the file simultaneously, reducing the risk of conflicts and syntax errors.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1726156493087\"><h3 class=\"schema-faq-question\">Can I modify the sudoers file using a text editor?<\/h3> <p class=\"schema-faq-answer\">Directly editing the <strong>sudoers<\/strong> file with a regular text editor is not recommended, as mistakes may compromise your system. Instead, use <strong>visudo<\/strong>, which locks the file and checks for errors before saving any changes.<\/p> <\/div> <\/div><p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The sudoers file is a critical configuration file in Linux and Unix-like operating systems that controls user privileges. It defines [&#8230;]<\/p>\n<p><a class=\"btn btn-secondary understrap-read-more-link\" href=\"\/tutorials\/sudo-and-the-sudoers-file\/\">Read More&#8230;<\/a><\/p>\n","protected":false},"author":411,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"How to edit the sudoers file in Linux","rank_math_description":"The sudoers file configures the sudo command, enabling authorized users to execute commands as another user. Read this article to learn more.","rank_math_focus_keyword":"sudoers file","footnotes":""},"categories":[22648,22644],"tags":[],"class_list":["post-16337","post","type-post","status-publish","format-standard","hentry","category-managing-monitoring-and-security","category-vps"],"hreflangs":[{"locale":"en-US","link":"https:\/\/www.hostinger.com\/tutorials\/sudo-and-the-sudoers-file\/","default":1},{"locale":"pt-BR","link":"https:\/\/www.hostinger.com\/br\/tutoriais\/arquivo-sudoers\/","default":0},{"locale":"fr-FR","link":"https:\/\/www.hostinger.com\/fr\/tutoriels\/utiliser-sudo-et-le-fichier-sudoers\/","default":0},{"locale":"es-ES","link":"https:\/\/www.hostinger.com\/es\/tutoriales\/usar-comando-sudo-y-archivo-sudo\/","default":0},{"locale":"id-ID","link":"https:\/\/www.hostinger.com\/id\/tutorial\/sudo\/","default":0},{"locale":"en-PH","link":"https:\/\/www.hostinger.com\/ph\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-MY","link":"https:\/\/www.hostinger.com\/my\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-GB","link":"https:\/\/www.hostinger.com\/uk\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-IN","link":"https:\/\/www.hostinger.com\/in\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-CA","link":"https:\/\/www.hostinger.com\/ca\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-AU","link":"https:\/\/www.hostinger.com\/au\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"en-NG","link":"https:\/\/www.hostinger.com\/ng\/tutorials\/sudo-and-the-sudoers-file\/","default":0},{"locale":"es-AR","link":"https:\/\/www.hostinger.com\/ar\/tutoriales\/usar-comando-sudo-y-archivo-sudo\/","default":0},{"locale":"es-MX","link":"https:\/\/www.hostinger.com\/mx\/tutoriales\/usar-comando-sudo-y-archivo-sudo\/","default":0},{"locale":"es-CO","link":"https:\/\/www.hostinger.com\/co\/tutoriales\/usar-comando-sudo-y-archivo-sudo\/","default":0},{"locale":"pt-PT","link":"https:\/\/www.hostinger.com\/pt\/tutoriais\/arquivo-sudoers\/","default":0}],"_links":{"self":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/16337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/users\/411"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/comments?post=16337"}],"version-history":[{"count":22,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/16337\/revisions"}],"predecessor-version":[{"id":125796,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/16337\/revisions\/125796"}],"wp:attachment":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/media?parent=16337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/categories?post=16337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/tags?post=16337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}