In this article, we will discuss about managing sudo access in a linux system. We will strengthen sudo security by removing unnecessary default settings and configure sudo to always require a password. Then, we'll permit specific user accounts to use sudo.

Introduction

sudo  is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser.

How to restrict sudo

  1. Disable the Use of the wheel  Group in the /etc/sudoers by comment out the following line in the /etc/sudoers file
%wheel  ALL=(ALL)       ALL 


2. Provide Full sudo Access to john, max, and robert

john	ALL=(ALL)		ALL
max	ALL=(ALL)		ALL
robert	ALL=(ALL)		ALL

3. Configure sudo to Require a Password Each Time the sudo Command Is Used by adding the following line to the /etc/sudoers file:

Defaults    timestamp_timeout=0