How to configure sudo restriction and authorization

With the sudo command you can restrict, for example, the commands that a user can execute with admin rights. This video shows you how to do it.

To watch my previous video about sudo, how to install it on a Debian system and how to add a user on the sudo group:
https://youtu.be/LULY2VODa4g

To see my Debian Linux playlist:
https://www.youtube.com/playlist?list=PLjGtyZkpg2jYHjw-xZDebq2e8Waq3MkEy

Version francaise (French version):
https://youtu.be/nd5VeS4U3w0

0:00 Intro
1:58 Prerequisites
2:10 Why to use visudo command to edit sudoers config file.
2:43 Configure sudo restrictions for a user or group.
6:55 How to find out the full path of a command.
8:10 An configuration example where a user can only use apt and fdisk with sudo.
8:54 I test the changes.
10:15 Restricts a command to only certain options.
11:24 Another way to specify multiple commands.
12:22 Sudoers file localisation.
12:47 Write our new sudoers config in a file separate from the main file.
15:02 To view a user's sudo permissions
16:06 Configure sudo aliases
20:34 Security hint, pay attention to the command you give to your users.
21:36 Conclusion

-------------------

Some commands and example used on this video:

visudo

ou

visudo -f /etc/sudoers.d/custom

----------------

bob ALL=(ALL:ALL) /usr/bin/apt /usr/sbin/fdisk

bob ALL=(ALL:ALL) /usr/bin/apt update,/usr/sbin/fdisk

bob ALL=(ALL:ALL) /usr/bin/apt update
bob ALL=(ALL:ALL) /usr/sbin/fdisk

--------------------

Cmnd_Alias SOFTWAREUPDATE = /usr/bin/apt update, /usr/bin/apt upgrade, /usr/sbin/reboot

User_Alias JUNIOR = bob, robin

JUNIOR ALL=(ALL:ALL) SOFTWAREUPDATE

Видео How to configure sudo restriction and authorization канала benlinux-en