Adding User Authorizations in the sudoers File

To set user privileges directly in the /etc/sudoers file, run the visudo command without specifying a file location:

sudo visudo

You can append permissions to the /etc/sudoers file in the same format that you would use if you were adding those permissions to user files in the /etc/sudoers.d/ directory.

In both cases, you can use aliases to assign broader permission categories instead of specifying each command individually. The ALL alias functions as a wildcard for all permissions, so to set the user bob to have sudo permission for all commands on all hosts:

bob        ALL=(ALL)      ALL

Other category aliases are listed in the /etc/sudoers file and the sudoers(5) manual page. You can create custom aliases using the following format:

Cmnd_Alias ALIAS = command

You can also add several aliases on the same line, separated by commas. For example, to grant the user alice permission to manage system services and software packages:

Cmnd_Alias SOFTWARE=/bin/rpm, /usr/bin/up2date, /usr/bin/yum
Cmnd_Alias SERVICES=/sbin/service, /sbin/chkconfig, /usr/bin/systemctl start, /usr/bin/systemctl stop, /usr/bin/systemctl reload, /usr/bin/systemctl restart, /usr/bin/systemctl status, /usr/bin/systemctl enable, /usr/bin/systemctl disable
alice      ALL= SERVICES, SOFTWARE

Both users still need to use sudo when they run privileged commands:

sudo systemctl restart service