# visudo
## Allows people in group admin to run all commands
%admin ALL=(ALL) ALL
# groupadd admin
# useradd temp
# usermod -a -G admin temp
# id temp
uid=506(temp) gid=506(temp) groups=506(temp),507(admin)
#
#sudo /etc/init.d/vsftpd restart // It's working
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
#service vsftpd restart //It is not working
#vi /etc/hosts // I can't edit
It is possible to edit all of the OS with sudo like root.
e.g I want to edit etc/hosts file and I want to run service commands like "service httpd status"
Below parameter is enough or not for full permission.
#visudo or #vi /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
temp ALL=(ALL) ALL
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%admin ALL=(ALL) ALL
sudo requires you to prefix every command you want to execute as root. Just because it's been called once doesn't mean the rest of the terminal session has elevated privileges too.
I want to give permission to sudo user for editing network files such as /etc/hosts, /etc/sysconfig/network-scripts/ifcfg-eth0, /etc/sysconfig/network, /etc/init.d/network restart.
I have edited sudoers files for temp user like below but it didn't work. I can't edit hosts file, it is only read-only files.
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%temp ALL=/etc/hosts // vi /etc/hosts is giving error.
I am wondering how can I give full permission to temp user for above files.
First, prefixing anything with '%' tells sudo to interpret that as a group, not a single user.
Second, as I said before: sudo doesn't automagically elevate your privileges. You have to invoke it explicitly in every instance you want to use it, regardless of what command you want to run or which file you want to edit. Unlike UAC it won't jump into your face every time you want to do something you don't have permissions for, but you'll have to tell it "Now I want to do something I'm not usually allowed to do".
For example: vi /etc/hosts throws an error, as you said, but sudo -e /etc/hosts or sudo vi /etc/hosts will let you do that, since you're explicitly invoking sudo to allow access.