Using sudo in Fedora

Many people who come to Fedora from Ubuntu are confused by the seeming lack of a sudo command. The sudo command is there, however, it's not enabled by default.

I do this a bit differently than many people, because my habits come from years of using FreeBSD. There is a group called wheel--on BSD and some Linux systems, it has more rights than other groups. So, first I add myself to the wheel group. Of course, since I don't have sudo enabled yet, first I have to su.
su
/usr/sbin/usermod -G wheel -a scott

Note that you will have to log out and log back in again for the change to take effect.

Next, as I prefer to only allow members of wheel to use the su command, I edit /etc/pam.d/su. I use vi, but use whatever editor you prefer. In there you will see a line saying something like uncomment the following line to only allow wheel members to su. Uncomment it. (For the beginner, lines beginning with a # are usually comments in shell scripts and configuration files. So, to uncomment the line in question, simply remove the # from the beginning of the line.)

Ok, now that's done. The next step is to edit /etc/sudoers. If you are familiar with vi, the best tool is visudo. It will notify you of any syntax errors. If you're not familiar with the vi editor, then use whatever editor you are used to using. To use visudo, in Fedora, if you simply type visudo, it will automatically open the /etc/sudoers file. You will see two lines that read
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL)       ALL

Once again, uncomment the line and save the file. After this, you will be able to use sudo rather than su for your commands. Note that you will still have to pay attention to your PATH variable as it won't include /sbin and /usr/sbin by default, where many of the commands that require root privilege are stored. (Follow the link for a quick explanation of it.)

If you don't want to be troubled with the whole wheel group thing, then you can simply add your own user name to sudo. Find that line that reads
root    ALL=(ALL) ALL

and copy it, changing root to your username.

Either way, from now on, you can use sudo rather than su. Note that to use sudo you use your username password, NOT root's password.

One other important point, if you use sudo in scripts. There might be times when you want to be able to run a command without putting in your password. The sudoers file will enable you to do that. The safest way is to limit that to necessary commands, for example, if you need it in a shell script. The sudoers file is read top to bottom, and final choice rules. So, if you have that line about wheel, there's nothing about not using a password. Say you then, for a script, need to run ifconfig without a password. You can add to the sudoers file
scott         ALL= NOPASSWD: /sbin/ifconfig

If you have several commands then separate them by commas, e.g., /sbin/ifconfig, /usr/sbin/adduser. If it spans more than one line use a backslash to indicate that the line should continue. Remember, there can be no white space at the beginning of the continued line. For example, say one of the two there ended a line and the next began another line
scott         ALL= NOPASSWD: /sbin/ifconfig, \
/usr/sbin/useradd

will work.

scott         ALL= NOPASSWD: /sbin/ifconfig, \
 /usr/sbin/useradd

will not work. (If you are using visudo, it will probably notify you that there is a problem.)

There are a few commands that cause errors with sudo. For example, sudo cd wherever will return command not found. This will happen with some builtin shell commands, such as cd. Builtin commands won't run in a child process. There are a few ways around it.

sudo -i

will simulate an initial login. You'll then see a #, indicating a root prompt. From there, you can run cd, or whatever in the same way you would as root. (When doing sudo -i, it will ask you for your password as usual).
sudo -s

runs your $SHELL as specified in either your environment settings (when you log in) or as specified in password. So, whether you use -i or -s, the point is that you'll be in a parent shell rather than a child one.

The other solution is to use sh -c. The sh means shell and -c is for class. So, you are running a shell, hence sh with your login class. In this case, the command would be
sudo sh -c 'cd wherever'

(Or, you could do sudo sh then, after getting the # prompt, do the cd wherever).

That's all there is to it. One can do a lot more with sudo, such as giving certain users the right to shutdown the system, etc. but the above should get you started.