Gives access to root user for a period of time

rootusers

I want to know if it's possible to give access to root user for one week or a month, for example.

It's possible to increase the period of time before the defined period ends?
Is it possible to give access without time limitation, forever?

Best Answer

Since you can add and remove users at will from sudoers, all you need is a way to schedule it.

One way you could do this is to do something like this with sudoers:

  • Edit /etc/sudoers using sudo visudo, and add a statement for that user with a unique string on the end:
username ALL=(ALL) ALL
  • Schedule this line to be removed in one month. My preferred way would be to use at if you have it (it's bundled with atd), but you can also schedule it manually using cron:
at now + 1 month <<< "sed -i '/^username ALL=(ALL) ALL$/d' /etc/sudoers"
Related Question