Sudo
`Sudo` is an enhanced alternative to the Unix `su` command.
Sudo stands for “su do,” and means “do something as the supervisor.”
Sudo’s Capabilities
Sudo allows system administrators to control who can run some (or all) commands as root. This ability to restrict users can be configured on a per-host basis, and is a much more flexible way of controlling what commands a user may perform.
Sudo allows users to perform certain, selected commands as if they were the UNIX root account, but because Sudo is customizable to give selective access by user, machine, and command, it saves a system administrator from having to give the root password to everyone at an office. It also removes the need to change the root password every time an employee or group member leaves.
Sudo also logs all commands and arguments, allowing a system administrator to see exactly who does what, and when they do it. In combination with the aforementioned selective access features, Sudo can be a huge asset for Unix system security.
Installing, Configuring, and Using Sudo
Sudo is compatible with most varieties of Unix operating system, and the current stable release is Sudo 1.8.3p1. It can be downloaded at the Sudo website.
Sudo’s configuration file is called the sudoers file, and an example of its script can be found here, along with a complete explication of its syntax in the users manual, which can be found here.
Background on Sudo
Sudo is Unix freeware that has been developed and contributed to by many people over the last couple decades. It was conceived of and implemented by Bob Coggeshall and Cliff Spencer in 1980, and first posted to the Internet through the net.sources Usenet group newsgroup in December of 1985. In 1993, Todd C. Miller took over maintenance of the ever-developing project, and he has remained in this position ever since.
sudo Example
This example uses the `whoami` command to show that `sudo` is working:
bash-2.05a$ sudo whoami [sudo] password for will: root
|
|
- How to Change Your Shell
Under some version of Unix, users can use the `chsh` or `passwd -e` commands to edit the shell configured for their account in the passwd file. Under other Unix variants, only the root user can use these commands. Your shell is defined in the last field of the password file. If you have “root” privileges, you [...]...
- How to List Unix Users
List Logged In Unix Users Unix has many commands to list users who are logged in. These commands include ‘w,’ ‘who,’ and ‘users:’ $ w 9:51PM up 99 days, 5:39, 2 users, load averages: 0.83, 0.90, 0.90 USER TTY FROM LOGIN@ IDLE WHAT will p0 c-66-164-235-73. 8:11AM - w spencer p3 c-66-164-235-73. 8:26PM 1:24 pine [...]...
- Where to Find a Unix Tutorial
Unix has many dedicated fans who have written quite a few excellent Unix tutorials for beginning users. Here are a few of the better Unix tutorials: Unix Tutorial for Beginners Unix: The Bare Minimum Introduction to Unix commands Unix Tutorial UNIXhelp for Users Unix Tutorial and Command Reference Unix Tutorial...
- How to Find Out CPU Utilization in UNIX
Keeping track of your CPU’s performance is extremely important. In UNIX, you can accomplish this task by using the system utilities and commands. For those who would like to find out their CPU utilization, one command is extremely important. It is called SAR – System Activity Reporter. The SAR commands make accessing CPU performance quite [...]...
- How to Change a Unix Password
To change your Unix password, use the `passwd` command. Unless you are the “root” user, you will need to know your current password to set a new one. If you have forgotten your current password, you will need to contact the “root” user to have your password reset. Here is an example of the user [...]...