Etc : Nano - visudo

Editing the sudoers file

As you use Linux you will eventually need to log on as root to do some admin tasks. Each time you do this you are putting your system at risk, no big deal if it's just your own PC but who knows, in the future you could end up being the Admin of a big organisation!!

So try this out, open a terminal or if your terminal is still open do Ctrl+Shift+T to open a new tab and as a normal user try the following..

bryan@debian:~$ sbin/fdisk --list
(fdisk will list all drive partitions and exit)
fdisk: cannot open /dev/sda: Permission denied
fdisk: cannot open /dev/sr0: Permission denied

OK that's fine, a normal user should not be able to run fdisk otherwise they may unintentionally delete partitions!!

Now try to run the same command using sudo which allows a permitted user to execute a command as root.

bryan@debian:~$ sudo fdisk -l
(-l short for --list)
[sudo] password for bryan:
(Enter your own password)
bryan is not in the sudoers file.  This incident will be reported.

Oops you are not a permitted user that is you are not in the sudoers file and at any minute the Linux Police will come a calling and batter down your door!!!

Not to worry, first you need to log on as root, so do su switch user don't put any user name in but most important add a dash - after su to have all roots settings including changing to roots home directory which is /root.

bryan@debian:~$ su - 
(MOST IMPORTANT the - after su)
Password: 
(root's password)
root@debian:~# pwd
/root

Your current directory should be /root, if not, you forgot the dash, so again do su -.

Now to edit that sudoers file, type in the command visudo

visudo edits the sudoers file in a safe fashion. visudo locks the sudoers file against multiple simultaneous edits, performs basic validity checks, and checks for syntax errors before installing the edited file. If the sudoers file is currently being edited you will receive a message to try again later. From the visudo man page.
root@debian:~# visudo 
visudo command editing the sudoers file using nano

Visudo creates a copy of the /etc/sudoers file - /etc/sudoers.tmp and starts the default terminal text editor which for most Linux Distros is nano to edit it. I did a Alt+N to display the line numbers.

To allow a user to use the sudo command they needed to be added to the User privilege specification and the easiest way to do this is to select the entry for root (line 20) and Copy it Alt+6 and in the line below Paste it Ctrl+U.

Hit the Up arrow key to go to the start of the newly pasted line and delete the root user name Ctrl+Del

Type in your username and then hit the Tab Key to line up all the ALL's

Then Ctrl+S to save the changes and finally Ctrl+X to Exit.

The sudoers.tmp file is then checked for errors and if all is OK it will be installed as the updated sudoers file and you will be able to use the sudo command to do stuff as root, needing only your own password.

After that worked out I re ran visudo and I typed in a nonsense entry on line 22 below my user name and saved the file Ctrl+S. When I did a Ctrl+X to close sudoers.tmp I got the following warning....

root@debian:~# visudo 
/etc/sudoers:22:14: syntax error
what happens if I write stuff here??
             ^~
What now? help
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

What now? x
root@debian:~# visudo 
visudo: /etc/sudoers.tmp unchanged
root@debian:~# 

I hit x to Exit without saving that last piece of nonsense.

With everything OK, log off as root by typing exit or Ctrl+D and you will be back as your normal user.

Try /sbin/fdisk --list again to see what would happen and then try sudo fdisk -l

bryan@debian:~$ /sbin/fdisk --list
fdisk: cannot open /dev/sda: Permission denied
fdisk: cannot open /dev/sr0: Permission denied

bryan@debian:~$ sudo fdisk -l
[sudo] password for bryan: 
Disk /dev/sda: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: TOSHIBA MQ01ABF0
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: D9BE69E7-D2B3-484D-9F2D-08508ABCDF14

Device         Start       End   Sectors   Size Type
/dev/sda1       2048   2099199   2097152     1G Windows recovery environment
/dev/sda2    2101248   4198399   2097152     1G EFI System
/dev/sda3    4200448   4462591    262144   128M Microsoft reserved
/dev/sda4    4462592 758976511 754513920 359.8G Microsoft basic data
/dev/sda5  758976512 767365119   8388608     4G Linux swap
/dev/sda6  767365120 976773119 209408000  99.9G Linux filesystem

Now in future for all your admin tasks use sudo, check out the sudoers man page for a lot more info!!!, right back to playing with nano.