The Linux sudo command allows a user to execute a command as another user. All sudo configuration is stored in /etc/sudoers. You can allow a user to run a specific command on a specific host.
Open your /etc/sudoers file and
Syntax : <USER> <MACHINE> = <(RUN AS USER)> <COMMAND>
Let's see an example and edit our sudoers file.
zolan 192.168.10.205 = (admin) /sbin/fdisk
Here zolan can run the fdisk command on host 192.168.10.205 as the admin user.
[zolan@sector19 ~]$ sudo -u admin fdisk -l
We are running the 'fdisk -l' command as the admin user.
Let's see some more.
zolan ALL=(ALL) ALL
In this example the user zolan is permitted to run any command on the system as any user, including root. If you do not specify a user, the default is root.
[zolan@sector19 ~]$ sudo fdisk -l
If you don't want to enter the password every time you run a sudo command, you can specify the NOPASSWD tag in the sudoers file.
zolan ALL=(ALL) NOPASSWD:ALL
# Rather than specifying a user name we can specify a group name instead. Here we have admingroup, and all members of admingroup can run the command 'fdisk -l'.
%admingroup ALL = (ALL) /sbin/fdisk
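The rules shown so far can be checked mechanically before they go into production. The following is an added example, not part of the original page: a small Python parser for the `<USER> <MACHINE> = <(RUN AS USER)> <COMMAND>` form that reports which rules grant any command, any run-as user, or skip the password prompt. The function names and the SAMPLE text (built from the page's own rules) are assumptions for illustration, and aliases and Defaults lines are skipped rather than expanded.

```python
import re

# Form used on this page: <USER> <MACHINE> = (<RUN AS USER>) [TAG:] <COMMAND>[, ...]
RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\(\s*(?P<runas>[^)]*?)\s*\)\s*)?"   # optional (runas) list
    r"(?P<tags>(?:[A-Z]+:\s*)*)"             # optional tags such as NOPASSWD:
    r"(?P<cmds>.+)$"
)
SKIP = ("Defaults", "Host_Alias", "User_Alias", "Runas_Alias", "Cmnd_Alias")

def parse_rule(line):
    """Return the fields of one user specification, or None for other lines.
    Simplification: '#' always starts a comment, so '#uid' names are not handled."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith(SKIP):
        return None
    m = RULE.match(line)
    if m is None:
        return None
    runas = m["runas"] if m["runas"] is not None else "root"  # no (runas): root
    return {
        "who": m["who"],
        "hosts": [h.strip() for h in m["hosts"].split(",")],
        "runas": [r.split(":")[0].strip() for r in runas.split(",")],
        "tags": re.findall(r"[A-Z]+", m["tags"]),
        "commands": [c.strip() for c in m["cmds"].split(",")],
    }

def findings(rule):
    """List the broad grants in one parsed rule (empty list if none)."""
    out = []
    if "ALL" in rule["commands"]:
        out.append("any command allowed")
    if "ALL" in rule["runas"]:
        out.append("may run as any user, including root")
    if "NOPASSWD" in rule["tags"]:
        out.append("no password prompt")
    return out

def audit(text):
    """Return (who, commands, findings) for every rule found in the text."""
    rules = filter(None, map(parse_rule, text.splitlines()))
    return [(r["who"], r["commands"], findings(r)) for r in rules]

# Constructed sample: the four rules shown on this page.
SAMPLE = """\
zolan 192.168.10.205 = (admin) /sbin/fdisk
zolan ALL=(ALL) ALL
zolan ALL=(ALL) NOPASSWD:ALL
%admingroup ALL = (ALL) /sbin/fdisk
"""
```

Calling audit(SAMPLE) returns one tuple per rule; an empty findings list means the rule is limited to named commands and a named run-as user.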
Let's see a real-world example.
# Alias names must start with an uppercase letter and contain only uppercase letters, digits and underscores.
Host_Alias ADMIN_PC = 192.168.10.1, 192.168.10.2
Host_Alias USER_PC = 192.168.10.11, 192.168.10.12
Runas_Alias RUNAS_USER = wheel, httpd, ftp
Cmnd_Alias NETWORKS_CMD = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /sbin/iptables
Cmnd_Alias GENERAL_CMD = /sbin/lsusb, /sbin/lspci, /sbin/mount.nfs
User_Alias ADMIN = zolan, vaibhav
User_Alias USERS = jack, jil, mac
ADMIN ADMIN_PC = (RUNAS_USER) NETWORKS_CMD
USERS USER_PC = (RUNAS_USER) GENERAL_CMD
In the above example we have created aliases for users, run-as users, machine IPs and commands. This way we can manage permissions on a large scale.