Sudo
Line 10: | Line 10: | ||
− | + | ==Gotchas== | |
+ | |||
+ | 1. You can use the -u flag to set a user to run as. (e.g.: '''su -u named /usr/local/sbin/rndc reload''') | ||
+ | |||
+ | 2. [[sudo]] is a [[setuid]] binary. Be '''careful''' what you set as sudo-able; if you let sudo run interactive commands (e.g., shells, editors, compilers/interpreters,) since it's possible to exploit this to get arbitrary commands to run inconspicously. For more information on how to limit [[sudo]], see [[Configuring_sudo]]. | ||
+ | |||
+ | |||
[[Category:System Commands]] [[Category:Ports and Packages]] | [[Category:System Commands]] [[Category:Ports and Packages]] |
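Review bot: the example added in item 1 invokes "su -u named ..." although the sentence is describing sudo's -u flag, so the command should read "sudo -u named /usr/local/sbin/rndc reload". In item 2, the clause starting "if you let sudo run interactive commands" never reaches a main clause before "since", which leaves the warning hard to parse; suggest "if you let sudo run interactive commands (...), it's possible to exploit this ...". The word "inconspicously" is also misspelled, and there is a stray comma before the closing parenthesis.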
Revision as of 00:41, 14 September 2004
sudo allows a user to run a program or perform a task without having to log in as root directly or even knowing the root password. sudo works by authenticating the user (with the user's own password) and checking the /etc/sudoers file, which grants specific rights to run commands through sudo. Note that you have to use visudo to edit /etc/sudoers, and that you have to do it as root; you can't do it any other way.
Good side of sudo
It limits access to the root password, while still enabling administrative functions.
It is very configurable: you can specify which groups or specific users have access to specific files or functions.
Bad side of sudo
Difficult to configure correctly (or rather, really easy to misconfigure if you're not sure of what you're doing).
Gotchas
1. You can use the -u flag to set the user to run the command as (e.g., sudo -u named /usr/local/sbin/rndc reload).
2. sudo is a setuid binary. Be careful what you set as sudo-able: if you let sudo run interactive commands (e.g., shells, editors, compilers/interpreters), it's possible to exploit this to get arbitrary commands to run inconspicuously. For more information on how to limit sudo, see Configuring_sudo.
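To check an existing /etc/sudoers for the problem described in item 2, the following added example (not part of the original wiki page) flags entries that grant shells, editors or interpreters, or that grant ALL. The function name, the list of program names and the sample entries are assumptions made for illustration; aliases and included files are not expanded.

```python
import os
import re

# Basenames treated as interactive (shells, editors, interpreters, compilers).
# Illustrative assumption, not an exhaustive list.
INTERACTIVE = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "vi", "vim", "ee",
               "emacs", "nano", "less", "more", "perl", "python", "ruby",
               "awk", "cc", "gcc"}

# Constructed sample sudoers content (user names are made up).
SAMPLE = r"""
# constructed sample
Defaults env_reset
User_Alias ADMINS = alice, bob
alice  ALL = (named) /usr/local/sbin/rndc reload
bob    ALL = NOPASSWD: /usr/bin/vi, /usr/bin/perl
carol  ALL = (ALL) ALL
%wheel ALL = (root) /bin/sh
"""

def audit_sudoers(text):
    """Return (who, command, reason) for each grant that is effectively a shell."""
    findings = []
    text = text.replace("\\\n", " ")              # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if "=" not in line:
            continue
        head, cmds = line.split("=", 1)
        fields = head.split()
        # Skip Defaults and alias definitions; aliases are not expanded here.
        if not fields or fields[0].startswith("Defaults") or fields[0].endswith("_Alias"):
            continue
        for item in re.split(r",(?![^(]*\))", cmds):   # commas outside (runas)
            item = re.sub(r"^\([^)]*\)\s*", "", item.strip())   # strip (runas)
            item = re.sub(r"^(?:[A-Z_]+:\s*)+", "", item)       # strip NOPASSWD: etc.
            if not item or item.startswith("!"):        # empty or a denied command
                continue
            cmd = item.split()[0]
            if cmd == "ALL":
                findings.append((fields[0], cmd, "unrestricted"))
            elif os.path.basename(cmd) in INTERACTIVE:
                findings.append((fields[0], cmd, "interactive"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE):
        print(f"{who}: {cmd} ({reason})")
```

The alice entry, which pins both the target user and the full command line from item 1, is the only grant in the sample that is not reported.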