Linux and other UNIX-like operating systems commonly have two levels of user privilege: the root user, who can edit system files and perform operations tasks, such as rebooting the machine, and normal users, who can only edit and read files owned by themselves, and have no special privileges. This ensures that users don't get access to files or commands that they shouldn't have. However, sometimes you need to grant special privileges to a user, without giving her full access to the root account. You can do this using a UNIX command called sudo.
The sudo command allows normal users to run commands with root privileges, if this is specifically authorized by the system administrator. For example, a developer user might be given privileges to run service nginx restart as root.
The set of users allowed to assume root privileges, and the specific commands they can run, are specified in the file /etc/sudoers. We can use Puppet to manage this file, and thus control user privileges...
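
As an added illustration (not code from the original text), here is one way to express the nginx example above as a Puppet-managed sudoers rule. It assumes a hypothetical account named developer, that /etc/sudoers includes the /etc/sudoers.d directory, and that service and visudo live in /usr/sbin; adjust these for your distribution.

```puppet
# Added example: a least-privilege sudo rule managed by Puppet.
# Assumptions (not from the original text): the 'developer' account exists,
# /etc/sudoers includes /etc/sudoers.d, and the binaries are in /usr/sbin.
$sudo_user = 'developer'

# Use the full path and the exact arguments: sudo then permits only this
# invocation, not 'service nginx stop' or 'service <anything> restart'.
$sudo_cmd = '/usr/sbin/service nginx restart'

file { '/etc/sudoers.d':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0750',
}

# sudo skips drop-in files whose names contain a '.' or end in '~',
# so the file name deliberately has no extension.
file { "/etc/sudoers.d/${sudo_user}_nginx":
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',
  content      => "${sudo_user} ALL=(root) ${sudo_cmd}\n",
  # Puppet writes the new content to a temporary file and substitutes its
  # path for '%'. If visudo rejects the syntax, the live file is left
  # untouched, so a typo cannot break sudo for every user on the node.
  validate_cmd => '/usr/sbin/visudo -c -f %',
  require      => File['/etc/sudoers.d'],
}
```

After a Puppet run, sudo -l -U developer (run as root) lists the commands the account is allowed to run, which is a quick check that the rule grants only the intended command.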