I am wondering how to use SUDO command to allow only my account to run mount command as root. I have root privilege.
man sudoers
1 Like
I did, but couldn't figure out! and since I don't want to play around with sudo, asked my question here...
Thanks for reply
To fine grain your goal, you need to create several groups depending on the roles. Like you can create a group "idadmins" which will contain the users who work on access controls and user administration.
groupadd idadmins
gpasswd -M adm01,adm02,adm03 idadmins
Next, create a command alias in /etc/sudoers file with all of the commands that would need root privilege and has to be used by the members of idadmins group. Something like this:
Cmnd_Alias USRADMN = /usr/sbin/useradd, /usr/sbin/usermod
Now, add a line like the below to delegate the idadmins group permission to execute the commands in USRADMN command alias as root.
# user/group machine=commands/command_alias
%idadmins ALL=USRADMN
In this way, you do not have to rework on /etc/sudoers file while adding a new user admin; just add him/her to the idadmins group and that's it. Also, as you are defining exactly what commands they can use with sudo, yu are restricting them from using any other command with sudo which requires root privilege, e.g: mount (although, just the mount command does not require root privileges on most UNIX systems; that's just to show what filesystems are mounted presently). Hope this helps!! 