cancel
Showing results for 
Search instead for 
Did you mean: 

Modifying the sudo file

Andrew Kaplan
Super Advisor

Modifying the sudo file

Hi there --

I need to modify the sudo file to allow a user account, nagios, the ability to run a particular command, du, as root user. The nagios user on the machine in question is set up with the /sbin/nologin shell. The recommended syntax is the following:

nagios ALL=(root) NOPASSWD: /usr/bin/du

My question is the following, when looking at the sudo file, is there a particular section where the above syntax should be inserted in order for it to work? One section that comes to mind is:

Cmnd alias specification

and another possibility is:

User privilege specification

What would be the best way to go? Thanks.
A Journey In The Quest Of Knowledge
3 REPLIES
Matti_Kurkela
Honored Contributor

Re: Modifying the sudo file

The correct location for your planned line would be "User privilege specification".

The sections in the default sudoers file are just comments: you can probably configure things in any order you want, although if you use aliases, it might be required to _define_ an alias first before _using_ it in a privilege specification.

If you need to authorize a long list of other commands for Nagios, you might wish to use a command alias:

----
Cmnd_Alias NAGIOSCMDS = /usr/bin/du, /usr/bin/something_else, /usr/sbin/a_third_command,

nagios ALL=(root) NOPASSWD: NAGIOSCMDS
----

When your sudo configuration becomes more complex, using the aliases allows you to group things so that you can keep the actual privilege specifications short, simple and easy to understand.

But if you need just to authorize one user to run one or two commands, aliases are not necessary.

MK
MK
Jupinder Bedi
Respected Contributor

Re: Modifying the sudo file

Cmnd_Alias is the better option.
All things excellent are as difficult as they are rare
Horia Chirculescu
Honored Contributor

Re: Modifying the sudo file

>My question is the following, when looking at the sudo file, is there a particular section where the above syntax should be inserted in order for it to work?

It is not important where (what line no.) you will put the new line.

There are no "sections" in sudoers file.

The lines preceeded by # are comments. And this is all.

It is important to respect the sintax.

You do not need aliases if you only assign right to one or two users and/or to one/two or so commands

Best regards,
Horia.
Best regards from Romania,
Horia.