In this section, we will go through various controls that can be applied to user accounts:
- Suppose we have two user accounts, user1 and user2. We log in as user2 and then try to run a command, ps, as user1. In a normal scenario, we get this result:
- Now, edit the /etc/sudoers file and add this line:
user2 ALL = (user1) /bin/ps
- After saving the changes in /etc/sudoers, again try to run the ps command from user2 as user1:
- Now, if we want to run the same command again from user2 as user1, but without being asked for the password, we can do this by editing the /etc/sudoers file as shown here:
- Now, when we run the ps command from user2 as user1, we see that it does not ask for a password anymore:
- Now that we have seen how to run a command without being asked for the password, the major concern of the system administrator will be that sudo should always prompt for a password.
- To make sudo always prompt for a password for the user1 user account on the system, edit the /etc/sudoers file and add this line:
Defaults:user1 timestamp_timeout = 0
- Now, if user1 tries to run any command, they will always be prompted for the password:
- Now, let's suppose we want to give the user1 account permission to change the password of user2 and user3. Edit the /etc/sudoers file and add this line:
- Now, log in as user1 and let's try to change the passwords of the user2 and user3 accounts:
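
The following audit script is an added example, not part of the original recipe: it reports which users hold NOPASSWD rules, which timestamp_timeout applies to a user, and whether a passwd rule is limited to named accounts. The function names, the NOPASSWD and passwd rule spellings, and the user4 entry in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a sudoers file for the settings this recipe changes.
# Added example: function names and the sample rules are assumptions.

# Constructed sample: assumed end state of the steps, plus a deliberately
# loose user4 rule for contrast. Not the page's own file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
user2 ALL = (user1) NOPASSWD: /bin/ps
Defaults:user1 timestamp_timeout = 0
user1 ALL = /usr/bin/passwd user2, /usr/bin/passwd user3
user4 ALL = /usr/bin/passwd
EOF
}

# Users holding at least one rule tagged NOPASSWD (no password prompt).
nopasswd_users() {
    awk '!/^[ \t]*#/ && !/^[ \t]*Defaults/ && /NOPASSWD:/ { print $1 }' "$1"
}

# Effective timestamp_timeout for user $1 in file $2: a Defaults:<user>
# entry overrides a global Defaults entry; "unset" means sudo's built-in value.
timeout_for() {
    awk -v u="$1" '
        /^[ \t]*Defaults/ && /timestamp_timeout/ {
            val = $0
            sub(/.*timestamp_timeout[ \t]*=[ \t]*/, "", val)
            sub(/[ \t,].*/, "", val)
            if ($1 == "Defaults") global = val
            else if ($1 == ("Defaults:" u)) mine = val
        }
        END { print (mine != "" ? mine : (global != "" ? global : "unset")) }
    ' "$2"
}

# Users whose passwd rule lists no arguments; sudo then accepts any
# argument, so the rule covers every account rather than the named ones.
open_passwd_users() {
    awk '!/^[ \t]*#/ && (/\/passwd[ \t]*,/ || /\/passwd[ \t]*$/) { print $1 }' "$1"
}

# Demo run on the constructed sample.
f=$(mktemp) && write_sample "$f"
echo "NOPASSWD rules:       $(nopasswd_users "$f")"
echo "user1 timeout:        $(timeout_for user1 "$f")"
echo "unrestricted passwd:  $(open_passwd_users "$f")"
rm -f "$f"
```

Before installing any edited sudoers file, check its syntax with `visudo -cf <file>`.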