Sudo

From ArchWiki

i18n
English
Français
Italiano
Русский
简体中文
Türkçe

Contents 1 Installation 2 Enabling sudo for Users 3 Enabling Tab-Completion for sudo Users 4 Password timeout 5 Environment Variables 6 Summary 7 Some fun 8 Ask for the root password 9 See also

Installation

To install Sudo:

pacman -S sudo

Enabling sudo for Users

To add a user as a sudo user (a "sudoer"), type "visudo" as root. This will open the file /etc/sudoers in a special session of vi. If you don't know how to use vi, you can type for example the following:

EDITOR=gedit visudo

(Do not edit /etc/sudoers directly with an editor). To give the user full root privileges when he/she precedes a command with "sudo", add the following line:

USER_NAME   ALL=(ALL) ALL

where USER_NAME is the username of the individual.

Enabling Tab-Completion for sudo Users

Tab-completion, by default, will not work when a user is initially added to the sudoers file. For example, normally johndoe only has to type:

fir<TAB>

and the shell will complete out the command for him as:

firefox

If, however, johndoe is added to the sudoers file and he types:

sudo fir<TAB>

the shell will do nothing.

If you use programmable completion for bash you should comment out the following lines in /etc/bash_completion:

# user commands see only users
complete -u su usermod userdel passwd chage write chfn groups slay w

# group commands see only groups
[ -n "$bash205" ] && complete -g groupmod groupdel newgrp 2>/dev/null

Otherwise add the following to your ~/.bashrc (only if you did not modify bash_completion as it overwrites the settings for sudo):

complete -cf sudo

Password timeout

You might want to change the default timeout before the password expires. This is simply done by adding following to /etc/sudoers (visudo):

Defaults:your_username timestamp_timeout=MINUTES

This is how it may look like:

Defaults:foo timestamp_timeout=20

Where the user foo's password expires if it is unused for over 20 minutes.

Note: If you would like sudo to always ask for password, just set the timeout to zero.

Environment Variables

If you have a lot of environment variables, or you export your proxy settings via export http_proxy="..", when using sudo these variables do not get passed to the root account unless you run sudo with the -E option.

sudo -E pacman -Sy

Because of this you may wish to add an alias in ~/.bashrc

alias sudo="sudo -E"

Summary

To summarize, the following setup will satisfy most individuals, where USER_NAME is the individual's username:

1. pacman -S sudo
2. add "USER_NAME   ALL=(ALL) ALL" to /etc/sudoers
3. add "complete -cf sudo" to /home/USER_NAME/.bashrc

Some fun

There is a way of telling sudo to insult you every time you type the wrong password, instead just printing the default "wrong password" message. To enable this Easter-egg:

# sudo visudo

Find the Defaults line (approx. line 18) and append "insults" after a comma to anything that may be here. The final might look like this:

#Defaults specification
Defaults insults

Note: to try if it worked right, type sudo -K to end you current session a let sudo ask for the password again

Ask for the root password

If you need sudo (for example for makepkg -s) but don't want a security risk, you can configure sudo to ask for the root password instead of the user password.

Add "rootpw" to the Defaults line:

 Defaults timestamp_timeout=0,rootpw

See also

• Disable root password and gain su sudo with no password