Using sudo
2 - 3 min read
Aug 07, 2000
If you absolutely positively need to allow someone (hopefully very trusted) to have superuser access to your machine, there are a few tools that can help. sudo allows users to use their password to access a limited set of commands as root. sudo keeps a log of all successful and unsuccessful sudo attempts, allowing you to track down who used what command to do what. For this reason sudo works well even in places where a number of people have root access, but use sudo so you can keep track of changes made.
Although sudo can be used to give specific users specific privileges for specific tasks, it does have several shortcomings. It should be used only for a limited set of tasks, like restarting a server, or adding new users. Any program that offers a shell escape will give the user root access. This includes most editors, for example. Also, a program as innocuous as /bin/cat can be used to overwrite files, which could allow root to be exploited. Consider sudo as a means for accountability, and don't expect it to replace the root user, yet be secure.
To do almost any administrative function in Linux one requires root (privileged) access. Unfortunately the built in mechanisms that can be used to grant this type of access are relatively weak. The primary tool is "su" which lets you run a shell as another user, unfortunately you need the other user's password, so everyone you want to grant root access will have the password and unrestricted access. A slightly more fine grained tool is the setuid or setgid bit, if this is set on a file, then the file runs as the user or group that owns it (typically root). Managing file permissions, and ensuring there are no bugs in the program that can be used to gain full root access is difficult at best.
More information:
There are several tools that let you tightly control root access to various programs, they all act as intermediaries, checking who has called them, possibly asking for a password, and applying other criteria before executing the program in quesiton as root.
Sudo gives a user setuid access to a program, and you can specify which hosts they are allowed to login from (or not) and have sudo access. You can specify what user a command will run as, giving you a relatively fine degree of control. Sudo now ships with some Linux distributions, and binary packages / source are widely available.
Super can be used to give certain users (and groups) varied levels of access to system administration. In addition to this you can specify times and allow access to scripts. Debian ships with super, and there are binary packages and source widely available.
runas let's you define a configuration file listing the command, who it runs as, and which users/groups/etc. are allowed to run it.. In addition to this you can restrict the use of options (arguments), and you can prompt the user for a reason (which is logged to syslog).
Downloads:
