Learn to Create your own custom sudoers Entries in Linux

  • Published 18 Sep 2024
  • Learn to Create your own custom sudoers Entries in Linux correctly and efficiently.
    Comment if there is something you would like to see.
    %users ALL=(root) /usr/bin/mount, /usr/bin/umount
    Host_Alias WWW = ubuntu1, www1
    Cmnd_Alias HELPDESKCMD = /usr/bin/passwd, !/usr/bin/passwd root, /usr/sbin/useradd
    User_Alias HELPDESK = user1, user2
    HELPDESK WWW=(root) HELPDESKCMD
    We need to use visudo to create entries so that what we type into the sudoers files is syntax checked. This is very important to ensure we do not break the sudoers system and leave ourselves without the ability to manage the system.
    Additionally you can find my video courses on Pluralsight: pluralsight.com... and take time to see my own site www.theurbanpen...
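
One way to script the visudo check described above, as an added example that is not from the video or its author: it refuses file names sudo would skip in an included directory, runs `visudo -c -f` on a copy, and installs the file only if the check passes. `SUDOERS_D`, `VISUDO`, `valid_dropin_name` and `install_dropin` are names made up for this example.

```shell
# Added example: check a sudoers drop-in with visudo before it goes live.
# SUDOERS_D and VISUDO are assumptions of this example: overridable so the
# function can be tried against a scratch directory first.
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# sudo skips files in an included directory whose name contains a '.'
# or ends in '~', so a rule saved under such a name never takes effect.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*"~"|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# install_dropin NAME SOURCE
# Returns 0 when installed, 2 for an unusable name, 3 when the syntax
# check rejects SOURCE, 1 for any other failure.
install_dropin() {
    name=$1
    src=$2
    valid_dropin_name "$name" || { echo "unusable name: $name" >&2; return 2; }

    # Check a private copy so SOURCE cannot change between check and install.
    tmp=$(mktemp) || return 1
    if ! cp "$src" "$tmp"; then rm -f "$tmp"; return 1; fi

    # -c is check-only mode, -f names the file to check instead of
    # /etc/sudoers; nothing under SUDOERS_D is touched if this fails.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null; then
        rm -f "$tmp"
        return 3
    fi

    # 0440 is the usual mode for sudoers files.
    if install -m 0440 "$tmp" "$SUDOERS_D/$name"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}
```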

COMMENTS • 36

  • @martinhorner642 2 days ago

    Andrew really is one of the best linux explainers. His topics are always refreshing and not only useful but open the doors of curiosity that linux fosters and celebrates. Bravo Andrew.

  • @tuxdemy2036 2 years ago

    The best channel to learn Linux. Cheers from Angola (Africa).

    • @theurbanpenguin 2 years ago +2

      Thank you. I hope Angola is treating you well too

  • @Openwrt2023 1 year ago

    Excellent video. I learned a lot about sudo. Thank you.

  • @factcheck1776 1 year ago +2

    There's one thing which troubles me about every explanation I have seen of sudo. Contrary to what most people think, it does not prevent users from running certain commands. The filesystem does that. If permissions on a file are rwxr-xr-x (755), then a non-admin user can run it. That means they can run all the commands under /usr/sbin without using sudo. Their status as a non-admin user does not prevent them from running commands, but it does prevent the commands they run from accessing certain files, sockets, memory, and other resources for which they do not have appropriate permissions. This is a subtle but important difference. sudo does not enable access to executables; it enables executables access to files and resources based on user credentials, which is not quite the same thing.
    Why is this important? Because, as a system administrator who is attempting to build an appropriate sudoers file, I don't always know the full security properties and implications of every executable under /bin or /sbin. Some commands may provide critical intel to a non-admin "explorer," even if they can't necessarily use them to change anything. That's an undesirable situation. It would be a lot easier and more straightforward if I could use sudo to implement a software whitelist, where the user is only allowed to execute certain specified commands, and all others are blocked by default. Then I don't have to know and understand the security implications of every command. I can allow users to run only the ones I do understand.
    In short, sudo is not a software blacklisting or whitelisting tool. It's just a privilege escalation tool, and that's a whole lot different.

  • @sandeepagarwal7387 2 years ago

    I am a big fan of yours ( kinda silent one so far :) ). This is what I was looking for (not actively though)...It demystified the sudoers file's potential, to me...THANKS A TON!

  • @ARemi-zp6wb 2 years ago +2

    Waoo you actually did what I asked for. You are so so so so awesome. Thank you so so much

    • @theurbanpenguin 2 years ago

      Good suggestion

    • @ARemi-zp6wb 2 years ago

      @theurbanpenguin thank you very much. Looking forward to Selinux suggested by Za Ah. You are the best

  • @akk2766 1 month ago

    Good content as always, Mr. Urban Penguin - 💖
    One thing though, the man page mentions this about groups in the sudoers file:
    Multiple users and groups may be present in a Runas_Spec, in which case the user may select any combination of users and groups via the -u and -g options. In this example:
    alan ALL = (root, bin : operator, system) ALL
    user alan may run any command as either user root or bin, optionally setting the group to operator or system.
    The man page explanation leaves a lot to be desired. Any chance you can expand on it in a comment or maybe a companion video?

  • @mrzazx3289 2 years ago +1

    Thanks for sharing.

  • @pivot3india 2 years ago

    thanks for explaining it so well

  • @williamevans6830 2 years ago

    Excellent tutorial.

  • @manjunathc341 1 year ago

    Excellent video sir

  • @shkronjax 1 year ago

    Can you do a video on xrandr and how to make those changes permanent? Your vids are always full of quality content. Thanks.

    • @theurbanpenguin 1 year ago

      Ubuntu : Adding Screen Resolutions
      ua-cam.com/video/LiP-YqtZoNQ/v-deo.html

  • @not-normal771 2 months ago

    Thank you!

  • @ckrishnan3499 1 year ago

    Excellent sir

  • @drgr33nUK 2 years ago

    I've locked myself out of a few machines by editing the sudoers configuration with nano :)

    • @theurbanpenguin 2 years ago +1

      😂 you need to look at Polkit to unlock yourself

  • @businesspromotion3167 1 year ago

    Hello Andrew,
    Can you make a video series on nftables?
    Thank you

  • @zaah610 2 years ago

    As always you present Linux very clearly and beautifully explained. Do you think in the near future you can have sessions on selinux and fapolicyd?

    • @theurbanpenguin 2 years ago +1

      Selinux yes! Fapolicyd I will need to resservi

  • @pivot3india 2 years ago

    can you do a Video on special permissions

  • @msaifhussaain 2 years ago

    Thank you. Is there any way we can set the helpdesk user as a default user to log in on these systems? Can one helpdesk user be set as a default user on multiple hosts?

    • @theurbanpenguin 2 years ago +1

      Linux does not have a default account as such. You need to enter a username to log in. The user could be on all hosts if you use an Identity server such as ldap or AD

    • @msaifhussaain 2 years ago

      Thank you.