How does a regular user execute a command as an administrator?
Author: Deron Eriksson
Description: This tutorial demonstrates how a regular user can execute a command in Fedora as an administrator using the sudo command.
Tutorial created using: Fedora 12
The "sudo" command allows a regular user to execute a command as an administrator (or other user) in Fedora. The authorization to be able to run "sudo" is specified in the /etc/sudoers file. If you're familiar with the vi editor, you can type "visudo" to open up the /etc/sudoers file in a vi editor.
In /etc/sudoers, we can see a line specifying that root can run all commands. If we'd like to give this same ability to a regular user, we can add a similar line for that user, such as the user named "deron" in the example below.
## Allow root to run any commands anywhere root ALL=(ALL) ALL deron ALL=(ALL) ALL
We can also do the same thing using groups rather than hardcoding the user name in the /etc/sudoers file. We can do this by uncommenting the wheel group, as shown below:
## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL
After this, we can add the user "deron" to the wheel group via:
usermod -a -G wheel deron
After either of the modifications above, the user "deron" can now run a command as the root user. Running "fdisk -l" would attempt to run the fdisk command as the regular user. Running "sudo fdisk -l" runs the fdisk command as the root user. The user gets prompted for the user password when attempting to run the sudo command.
Normally, the user will not be prompted for a password for sudo commands run in a particular time interval after this. For added security, we can have the user prompted for a password each time that the user runs the sudo command. This can be done by setting the default timestamp timeout value to 0 in the Defaults section of /etc/sudoers, like this:
Defaults timestamp_timeout = 0