Discover LinuxSecurity Features
April 2008 Open Source Tool of the Month: sudo
Every good systems adminstrator knows that you should never log directly into your machine as root: you should always log in as a normal user then, as you need root access, su(1) to root. The dangers and perils of performing unnecessary operations as root are well-known and the main problem with su -- that the person using it needs the root password -- is more than obvious. Every good product finds a need and fills it, and that's exactly what sudo did, according to it's Wikpedia page, "around 1980."
sudo (su "do") "allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments." Setting up sudo is a snap: use visudo(8) to safely edit /etc/sudoers, add the appropriate aliases and user specifictions, and then run sudo to test it. Because you use your own password "to sudo to root" the systems administrator does not have to divulge the root password and because of sudo's flexibility, you can run individual commands instead of having to drop to a full-blown shell. For example, to restart apache, you can just run "sudo /etc/init.d/httpd restart" instead of "su -; /etc/init.d/httpd restart; exit".
For the month of April we will post as many articles and HOWTO's on sudo as possible, so if you have any of your own and would like to see them featured on LinuxSecurity.com, send them along!