Adding User Authorizations in the sudoers.d Directory

To set privileges for a specific user, add a file for them in the /etc/sudoers.d directory. For example, to set sudo permissions for the user alice:

sudo visudo -f /etc/sudoers.d/alice

You can append permissions to /etc/sudoers.d/alice in the following format:

usernamehostname=command

username is the name of the user, hostname is the name of any hosts for which you're defining permissions, and command is the command you're giving the user permission to run, specifying the full executable path and allowed options. If you don't specify options, then the user can run the command with full options.

For example, to grant the user alice permission to install packages with the sudo dnf command on all hosts:

alice           ALL=/usr/bin/dnf

You can also add several comma separated commands on the same line. To let the user alice run the sudo dnf and sudo yum commands on all hosts:

alice           ALL=/usr/bin/dnf, /usr/bin/yum

The alice user still needs to use sudo when they run privileged commands:

sudo dnf install package

Use ALL=(ALL) in /etc/sudoers.d/username to specify that a user can run specified commands as any user, typically root, on any host by using sudo. For example, the following grants full root privileges to the user alice:

alice           ALL=(ALL)

The following lets alice run the /usr/bin/dnf command with sudo as any user, but doesn't grant full root privileges or the ability to run other commands with sudo:

alice           ALL=(ALL) /usr/bin/dnf