Execute permissions and sudoers file in Linux

I want to make sure I am not wrong:

In Linux you can give a group Execute permission to a folder or file; you can also give a group permissions in the sudoers file to run certain commands.

To my understanding, you can give Execute permission to groupX on the folder /usr/bin and they can run tcpdump,
or you can give groupX Execute permission directly on the tcpdump file and they can run the file.

The other way is:
under the sudoers.d directory, you can also create a file, for instance (accountants), then type the following commands:

%GroupX   ALL= /usr/sbin/tcpdump

Another thing I want to know is whether it is the same when we grant permissions inside the sudoers file, or whether it is better to create a file under the sudoers.d directory and then specify permissions inside that file?

Thanks
jskfan Asked:

serialband Commented:
It depends on what you want them to be able to do. Those 2 things are different.

Giving them execute permissions allows them to run the program as themselves.

Giving them sudo permissions allows them to run that program as if they were root.
0
Dave Gould (Onsite Support) Commented:
Giving execute to a folder does not give execute rights to the files within.
Execute rights to a folder only give you the right to change directory (cd) to that folder. You still need the rights on the individual files.

As for sudo, I always modify the sudoers file (using visudo) directly.
sudo is more flexible for giving groups of users rights to certain commands and it is easier to trace who does what. This might be important to you. The only real disadvantage for the user is that he has to type sudo before the command.
0
jskfan (Author) Commented:
1- So what is the difference between giving GroupX Execute permissions to the tcpdump file
/usr/bin/tcpdump
and just doing that through the sudoers file? I guess the syntax is this:
%GroupX   ALL= /usr/sbin/tcpdump

2- And what is the difference between adding the command to the sudoers file directly:
%GroupX   ALL= /usr/sbin/tcpdump
and creating a file (named accountant) under the sudoers.d directory, and inserting the command inside the new file (accountant)?
0
Dave Gould (Onsite Support) Commented:
1. When you run sudo, you are running the process as the process owner and not yourself.
This means that if the process needs access to other files that you don't normally have access to, it will still run because you are invoking it as root.
Imagine root owns your_script and this script calls another_script (also owned by root).
If you just give group execution rights to GroupX on your_script, it will not be able to call another_script, as GroupX doesn't have execution rights on the latter.
However, run sudo your_script and it will run as the root user, so when it calls another_script, there will not be a problem.
In your example of tcpdump, this is not likely to be a problem.

2. You can put everything into the sudoers file, but some people prefer to have a sudoers file that covers all the general rules and different config files that can be included as extras, i.e. include different particularities for some servers but not for others. In this case, you add the line "#includedir /etc/sudoers.d" in your sudoers file and any files found in /etc/sudoers.d will also be read (files ending in ~ or containing a . are ignored).
There is no hard and fast rule as to which method you prefer. It is a personal preference.
0
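The drop-in naming rule mentioned in the answer above (files ending in ~ or containing a . are ignored) is easy to trip over, for example with editor backups. The script below is an added example, not part of the thread: it audits a drop-in directory for skipped names and world-writable files. The function names and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sudoers drop-in directory.
# Assumption: the directory is pulled in by an includedir line in sudoers.

# dropin_is_read NAME: succeed if a drop-in with this name would be read.
# Names that contain a '.' or end in '~' are skipped by includedir.
dropin_is_read() {
    case "$1" in
        *.*|*~) return 1 ;;
    esac
    return 0
}

# dropin_is_world_writable FILE: succeed if "other" has write permission,
# a permissions mistake worth flagging on any file that grants sudo rights.
dropin_is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# audit_dropins DIR: print one status line per regular file in DIR.
audit_dropins() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if ! dropin_is_read "$name"; then
            echo "SKIPPED $name"
        elif dropin_is_world_writable "$f"; then
            echo "UNSAFE $name"
        else
            echo "READ $name"
        fi
    done
}

# Constructed demo: a throwaway directory with sample drop-ins.
demo() {
    d=$(mktemp -d) || return 1
    rule='%GroupX   ALL= /usr/sbin/tcpdump'   # sample rule, constructed
    for n in accountants accountants.bak accountants~ shared; do
        echo "$rule" > "$d/$n"
        chmod 0440 "$d/$n"
    done
    chmod 0646 "$d/shared"                    # deliberately too open
    audit_dropins "$d"
    rm -rf "$d"
}

demo
```

Point `audit_dropins` at the real drop-in directory to check it, and validate the syntax of each file that is read with `visudo -c -f FILE` before relying on it.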

jskfan (Author) Commented:
Thank you
0