====== Sudoers ======
**General Information**
Configuration of sudoers.
**Checklist**
* Distro(s): Any
----
===== Config Locations =====
The most maintainable method is to leave the main sudoers file as vanilla as possible. \\
Additional sudo access can be given with additional files in /etc/sudoers.d/
* Main sudoers file: /etc/sudoers
* Additional sudoers directory: /etc/sudoers.d/
----
===== /etc/sudoers =====
The main system sudoers file should contain this include directive so that all files in /etc/sudoers.d/ are read:

  #includedir /etc/sudoers.d

* Note: The leading "#" here is part of the directive, not a comment marker, so the line works as intended.
----
===== /etc/sudoers.d/ =====
The sudoers.d directory holds additional files that contain group-specific sudoers configuration.
These files should:
* Be owned by root:root (chown root:root)
* Have permissions 440 (chmod 440)
* Initially be created with "visudo -f /etc/sudoers.d/" to ensure no syntax errors.
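
An added example (not part of the original page) that checks a drop-in against the requirements listed above, plus sudo's rule of skipping drop-in names that contain "." or end in "~". The function name check_dropin and the VISUDO and EXPECT_OWNER variables are assumptions of this example, and GNU stat is assumed:

```shell
#!/usr/bin/env bash
# Added example: audit one sudoers.d drop-in (owner, mode, name, syntax).
# check_dropin, VISUDO and EXPECT_OWNER are names invented here; needs GNU stat.

VISUDO=${VISUDO:-visudo}            # syntax checker, overridable for testing
EXPECT_OWNER=${EXPECT_OWNER:-0:0}   # numeric uid:gid of root:root

# Prints one line per problem; returns 0 only if the file passes every check.
check_dropin() {
    local file="$1" name owner mode rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 1
    fi

    # sudo silently skips drop-ins whose name contains "." or ends in "~",
    # so a file named e.g. "admins.conf" would never take effect.
    name=$(basename -- "$file")
    case $name in
        *.*|*~) echo "$file: name has '.' or trailing '~', sudo skips it"; rc=1 ;;
    esac

    owner=$(stat -c '%u:%g' -- "$file")
    if [ "$owner" != "$EXPECT_OWNER" ]; then
        echo "$file: owner is $owner, expected $EXPECT_OWNER"; rc=1
    fi

    mode=$(stat -c '%a' -- "$file")
    if [ "$mode" != "440" ]; then
        echo "$file: mode is $mode, expected 440"; rc=1
    fi

    # visudo -c checks syntax without opening an editor; -f names the file.
    if ! "$VISUDO" -cf "$file" >/dev/null 2>&1; then
        echo "$file: visudo reports a syntax error"; rc=1
    fi
    return "$rc"
}

# When file names are given on the command line, check each of them.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do check_dropin "$f" || status=1; done
    exit "$status"
fi
```

Run it as root with the drop-in paths as arguments; a non-zero exit status means at least one file failed a check.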
----
===== sudoers.d files =====
Example sudoers.d files.
Single user, no password when using sudo:

  rjones ALL=(root) NOPASSWD:ALL

Group of users, no password when using sudo:

  User_Alias SYSADMINS = rjones, tux, ltorvalds
  SYSADMINS ALL=(root) NOPASSWD:ALL

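Group of users given elevated access to specific commands:

  User_Alias LOGUSERS = operator, rjones
  Cmnd_Alias LOGFILEVIEW = /bin/grep /var/log/*, /usr/bin/tail /var/log/*, /usr/bin/less /var/log/*, /bin/more /var/log/*, /bin/cat /var/log/*, /bin/ls /var/log/*
  LOGUSERS ALL = NOPASSWD:LOGFILEVIEW

* Note: A "*" in sudoers command arguments also matches spaces and "/", so these entries are not limited to files directly under /var/log/. The pagers less and more can also start other programs; the NOEXEC tag restricts that.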