The sudoers file gives users limited permission to run commands as other users. Most of the time, however, you'll just use sudo to replace su, since it can do some things in a safer or better fashion.

Use sudo your_command -options args to run a command as root. Other sudo options let you run it as a different user.

Use the program visudo to edit the config file. Suppose you want user foo to be able to execute anything as root. You would use

foo   ALL=(root) ALL

To let a user run certain programs (with certain arguments) without a password, do this:

richard ALL=NOPASSWD: /sbin/ifup, /sbin/ifdown, /sbin/iwconfig, /sbin/modprobe ndiswrapper, /usr/bin/cpufreq-set -g powersave, /usr/bin/cpufreq-set -g performance

To let users richard and alex run something as user utserver without a password, do

richard ALL= (utserver) NOPASSWD: ALL
alex    ALL= (utserver) NOPASSWD: ALL

To let users in group veserver run anything as user veserver without a password, do this:

%veserver       ALL=(veserver) NOPASSWD:ALL

The order of lines is important. The last line that matches the command to run is the relevant one (useful for options like NOPASSWD).
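The ordering rule above, and the way a rule's listed arguments restrict what may be run, can be checked with a small model. This is an added example, not code from sudo or from the original page. It covers only the rule shapes shown here, and the %admin group rule and the interface and module names are constructed for illustration.

```python
import re

# Simplified model of user specs: "who host=(runas) [NOPASSWD:] cmd, cmd".
# Not modelled: aliases, negation, wildcards, host matching, runas groups.
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")

def parse(text):
    """Return (who, runas_users, nopasswd, command) tuples in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = SPEC.match(line)
        if not m or line.startswith("Defaults"):
            continue
        who, runas, cmds = m.group(1), m.group(2) or "root", m.group(3)
        runas_users = {u.strip() for u in runas.split(":")[0].split(",")}
        nopasswd = False  # a tag carries over to later commands in the list
        for cmd in cmds.split(","):
            cmd = " ".join(cmd.split())
            if cmd.startswith("NOPASSWD:"):
                nopasswd, cmd = True, cmd[len("NOPASSWD:"):].strip()
            elif cmd.startswith("PASSWD:"):
                nopasswd, cmd = False, cmd[len("PASSWD:"):].strip()
            rules.append((who, runas_users, nopasswd, cmd))
    return rules

def cmd_matches(spec, command):
    if spec == "ALL":
        return True
    if " " not in spec:          # no arguments listed: any arguments allowed
        return command.split()[0] == spec
    return " ".join(command.split()) == spec  # arguments listed: exact match

def decide(rules, user, groups, runas, command):
    """Return 'denied', 'password' or 'nopasswd'; the last match wins."""
    result = "denied"
    for who, runas_users, nopasswd, spec in rules:
        who_ok = who in ("ALL", user) or (who[0] == "%" and who[1:] in groups)
        runas_ok = "ALL" in runas_users or runas in runas_users
        if who_ok and runas_ok and cmd_matches(spec, command):
            result = "nopasswd" if nopasswd else "password"
    return result

# Constructed input: richard's rule is from the page, %admin is hypothetical.
USER_RULE = "richard ALL=NOPASSWD: /sbin/ifup, /sbin/modprobe ndiswrapper"
GROUP_RULE = "%admin  ALL=(ALL) ALL"
GROUP_LAST = parse(USER_RULE + "\n" + GROUP_RULE)
USER_LAST = parse(GROUP_RULE + "\n" + USER_RULE)
```

With the group rule last, decide(GROUP_LAST, "richard", {"admin"}, "root", "/sbin/ifup eth0") returns "password"; with the user rule last it returns "nopasswd". This is why NOPASSWD lines belong after any broader rule that also matches the user.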

A security upgrade broke sudo's handling of environment variables in at least Debian, so that some stuff doesn't work anymore. You have to explicitly allow most environment variables, such as DISPLAY, to go through.

Add this near the top of the sudoers config file (using visudo):

Defaults env_reset,env_keep = "DISPLAY"

The quoted list is space separated.

DebianNotes/Sudo (last edited 2008-03-10 01:39:24 by localhost)