Building command groups with sudo

By Sandra Henry-Stocker

When managing your /etc/sudoers files, it’s a good idea to organize user privileges in ways that make them easier to manage over the long haul and to assign permissions based on the roles that users play in your organization. One very useful way is to group related commands together – such as all commands related to running backups or managing web sites – and assign them to the individuals or groups that require these privileges.

Setting up command groups

To create a command group, you would use what is called a Cmnd_Alias in your /etc/sudoers file and give the new command group a meaningful name. Here are some examples. Note that full pathnames should be specified for all of the commands included in a group. Otherwise, you are likely to see an error like this when you try to exit visudo. And remember to only edit /etc/sudoers with the visudo command to allow it to warn you in ways like this and prevent errors.

To read this article in full, please click here

From: Network World

Share