Allow or deny access

Allow or Restrict sudo access to Users in linux

On collaborative work, you would give access to others who would be helping you out on the code or system admin stuff.

The question would be, how limited can you go with granting access to the users?

The first thing would be adding the user to the sudoers list, lets say you have created a new user named tom and you want to grant sudo access to this user

You can edit the sudoers file with whatever editor you are using. But the most recommended way would be using visudo

sudo visudo 

Grant all the access to user

If you want to give the world access to the user, then add the following line and save the file


tom is the user you want to grant permissions and the first ALL is for the host and the ALL in the bracket is referring to other accounts the user sudouser can act as and the final ALL would be for list of commands – in this case tom has every access provided.

Grant only some commands

Lets say you want to give tom an access of copy and renaming a file

tom ALL=/bin/cp,/bin/mv

The above command would tell the system the user tom has access to cp and mv only. You might need to check the correct binary to cp and mv using which command. That is which cp would tell you the right path to the binary of the cp.

Allow the user everything but installing new softwares using apt-get

Ok, so you might want to give every access to the user but you want to limit installing new softwares using apt-get

tom ALL=ALL,!/usr/bin/apt-get

Here tom can do everything but not apt-get. If you add the ! in front of the command, it means don’t allow.

So using the combinations of the above you can reach the level where you can grant and deny any command for the user of interest

Allowing others to use mysql from user machine on ubuntu- simple one!

It is customary sometimes to share the part of the database from sandbox to a fellow developer or to access it from the other machine – umm.. is it not how the servers are doing it?? what are you talking about 😉

Anyway here is a simple note to make it happen.1. We need to bind the machine name for the server. to do that
open your my.cnf – inside the /etc/mysql/my.cnf for debianish machines and search for the
[mysqld] and add the following
bind-address = your ip address goes here
you can find your ip address from


then save the file and restart your mysql

sudo /etc/init.d/mysql restart

There are ways to assign for a specified user from the specified ip addresses as well.
Like if you have database db1 and user1 from ip address then

grant select, insert, update on db1.* to 'user1'@''