SUDO Basics

Intro, intermediate and advanced HOWTOs and discussion.
Post Reply
User avatar
weazy
Ex-Admin
Posts: 1688
Joined: Sun Jul 07, 2002 10:02 am
Location: any given
Contact:

SUDO Basics

Post by weazy » Fri May 30, 2003 5:25 pm

Its common knowledge that logging in as root is bad. su is often used instead. While this is good practice, Sudo is a better tool. Sudo gives fine-grained permissions to specific users to do things as root, using their password instead of root password.

Whereas, su is a global tool, if you issue the command su alone and you know root's password, you'll receive a root shell. This can be dangerous because it requires you to give complete trust to someone doing something on your box that can only be done as root, such as restart a Web or mail server.

With sudo, you can define who gets to do what as root. In addition, you don't need to share the root password, and other users don't get full root shell access.

You can download sudo from the Courtesan Web site; however, most Linux distributions already come with sudo. If it isn't already installed, sudo should be available on your installation CDs as an optional package. Get Sudo

Something else you can do with sudo is lock access to su. If you strip the setuid bit from /bin/su and grant a user access to use su via sudo, you can prevent people who might guess your root password from becoming root. Only the user you've given permission to execute su, as root, will be able to use it.
--The Devil is in the Details--

Post Reply