[sudo-users] Regarding permissions

Tushar Abraham Mathew तुशार एब्रहाम माथ्यू tusharm at cdac.in
Tue Sep 2 00:59:13 EDT 2008

Hi all,
         I have been trying to edit my sudoers  file for the first time
for allowing access to my machine to some people. This is what my file
looks like - 

# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.
# Host alias specification
# User alias specification
User_Alias ADMIN = amol,nimmi
# Cmnd alias specification
Cmnd_Alias SHELLS = usr/local/bin/bash,/bin/csh,/bin/tcsh
Cmnd_Alias COMMANDS = /bin/rm,/usr/sbin/adduser,/usr/sbin/rmuser,/usr/local/sbin/visudo
# Defaults specification
# Runas alias specification
Runas_Alias  SYSADMIN = amol, nimmi

# User privilege specification
root    ALL=(ALL) ALL
john    ALL=(ALL)  ALL
# Uncomment to allow people in group wheel to run all commands

Could anyone advise if there is any way users (except for john) can do
harm to my machine ??

I also haven't understood the exact difference between the statements 

root ALL = (ALL) ALL and john ALL = (ALL) ALL

Having read through the general sudo documetation available, I
understand john will be able to on ALL hosts as ANY USER (sudo -u) run
ALL commands.

So the root statement would most likely mean if the root user did sudo
foo, he will be able to do so. But since the root user has full
previleges, why use sudo in the first place ? 

Another version I read was that giving root ALL = (ALL) ALL means once a
user like john (john ALL = (ALL) ALL) gets access to commands, he is
again restricted if the commands for root become something like 
root ALL = (ALL) /bin/

Could you enlighten me on this please ?

Best Wishes,


More information about the sudo-users mailing list