The Quick & Dirty Guide to Sudo

Introduction

Sudo is a very neat tool that lets users run commands under a different UID, without requiring SUID for those executables. In addition, a given user can be restricted to running only certain commands, under a certain UID, and for a limited period of time before being prompted again for their login password. All errors are logged.

Here's a sample:

# cat /etc/sudoers

# Host alias specification
Host_Alias ACME=linux.acme.com, fred.acme.com

# User alias specification
User_Alias ADMIN=root, ffaure

# Cmnd alias specification
Cmnd_Alias EDITOR=/bin/vi
Cmnd_Alias SCRIPT=/root/list.sh

# FF/Run as alias
Runas_Alias RUNASROOT=root

# User privilege specification
root ALL=(ALL) ALL
ffaure ACME=(RUNASROOT) EDITOR,(RUNASROOT) SCRIPT

Here, I can log in as ffaure, run sudo /bin/vi, and any file that I create will be owned by root:root!
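
To see what the sample rules grant once the aliases are resolved, here is an added example (not part of the original guide) that expands each rule and labels the result. It handles only the subset of sudoers syntax used in the sample (no tags, Defaults, includes or line continuations); the function names and the SHELL_CAPABLE list are assumptions made for illustration. /bin/vi is flagged because an editor running as root is not limited to the file it was opened on.

```python
import re
# Constructed input: the sudoers rules shown above, embedded so this runs offline.
SUDOERS = """\
Host_Alias ACME=linux.acme.com, fred.acme.com
User_Alias ADMIN=root, ffaure
Cmnd_Alias EDITOR=/bin/vi
Cmnd_Alias SCRIPT=/root/list.sh
Runas_Alias RUNASROOT=root
root ALL=(ALL) ALL
ffaure ACME=(RUNASROOT) EDITOR,(RUNASROOT) SCRIPT
"""
SHELL_CAPABLE = {"vi", "vim", "emacs", "less", "more"}  # assumed, not exhaustive
ALIAS_RE = re.compile(r"^(?:Host|User|Cmnd|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(.+)$")
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*(.+)$")

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse(text):
    """Return (aliases, rules) for the subset of sudoers syntax used on this page."""
    aliases, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments; "#uid" forms unsupported
        if m := ALIAS_RE.match(line):
            aliases[m.group(1)] = split_list(m.group(2))
        elif m := SPEC_RE.match(line):
            runas = ["root"]  # sudo's default target when no (runas) list is given
            for item in split_list(m.group(3)):
                if r := RUNAS_RE.match(item):  # a (runas) list carries to later items
                    runas, item = split_list(r.group(1)), r.group(2)
                rules.append((m.group(1), m.group(2), runas, item))
    return aliases, rules

def expand(name, aliases):
    """Resolve an alias recursively; anything that is not an alias is returned as-is."""
    members = aliases.get(name)
    return [name] if members is None else [v for x in members for v in expand(x, aliases)]

def audit(text):
    """Yield (user, run-as, command, finding) for every alias-expanded rule."""
    aliases, rules = parse(text)
    for user, _host, runas, cmnd in rules:
        target = ",".join(t for r in runas for t in expand(r, aliases))
        for cmd in expand(cmnd, aliases):
            prog = cmd.split()[0].rsplit("/", 1)[-1]  # basename of the program
            note = ("unrestricted" if cmd == "ALL" else
                    "shell-capable" if prog in SHELL_CAPABLE else "fixed-path")
            yield user, target, cmd, note
```

On a live system, `visudo -c` checks the file's syntax and `sudo -l` lists what the invoking user is actually allowed to run.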

Resources