Sudo

From FreeBSDwiki
Revision as of 01:41, 14 September 2004 by Dave

sudo allows a user to run a program or perform a task without having to log in as root directly or even know the root password. sudo works by authenticating the user (with the user's own password) and checking the /etc/sudoers file, which grants specific rights to run sudo. Note that you have to use visudo to edit /etc/sudoers, and that you have to do it as root; you can't do it any other way.

Good side of sudo

It limits access to the root password, while still enabling administrative functions.

Very configurable: it allows you to specify which groups or specific users have access to specific files or functions.

Bad side of sudo

Difficult to configure correctly (or rather, really easy to misconfigure if you're not sure of what you're doing).


Gotchas

1. You can use the -u flag to set the user to run the command as (e.g.: sudo -u named /usr/local/sbin/rndc reload).

2. sudo is a setuid binary. Be careful what you set as sudo-able, especially if you let sudo run interactive commands (e.g., shells, editors, compilers/interpreters), since it's possible to exploit this to get arbitrary commands to run inconspicuously. For more information on how to limit sudo, see Configuring_sudo.
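
To review an existing sudoers file for the problem in gotcha 2, the following added example (not part of the original wiki page) flags rules that grant ALL commands or a program from the categories named above. The INTERACTIVE list and the sample sudoers text are assumptions constructed for illustration; aliases and multi-host rules are not expanded.

```python
import re
from pathlib import PurePosixPath

# Basenames in the categories the page names. This list is an assumption
# made for the example; extend it for your own systems.
INTERACTIVE = {
    "sh", "csh", "tcsh", "bash", "zsh", "ksh",   # shells
    "vi", "vim", "ee", "emacs", "nano",          # editors
    "perl", "python", "ruby", "awk", "cc",       # interpreters / compilers
}
# Lines that are not user specifications. Aliases are NOT expanded here.
SKIP = re.compile(r"(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\b")

# Constructed sample, not taken from any real system.
SAMPLE_SUDOERS = """\
Defaults env_reset
dave    ALL = (ALL) ALL
%wheel  ALL = (root) NOPASSWD: /usr/bin/vi /etc/rc.conf, /usr/sbin/pw
bind    ns1 = (named) /usr/local/sbin/rndc reload
ops     ALL = (root) /sbin/shutdown -r now, \\
              /bin/sh
"""

def audit(text):
    """Return (who, command, reason) for each rule granting an interactive program."""
    findings = []
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#") or SKIP.match(line):
            continue
        left, eq, right = line.partition("=")
        if not eq or not left.split():
            continue
        who = left.split()[0]
        right = re.sub(r"\([^)]*\)", " ", right)           # drop (runas) lists
        for item in right.split(","):
            words = re.sub(r"\b[A-Z_]+:", " ", item).split()  # drop tags (NOPASSWD:)
            if not words:
                continue
            cmd = words[0]
            if cmd == "ALL":
                findings.append((who, cmd, "any command, shells included"))
            elif PurePosixPath(cmd).name in INTERACTIVE:
                findings.append((who, cmd, "interactive program"))
    return findings

if __name__ == "__main__":
    for who, cmd, reason in audit(SAMPLE_SUDOERS):
        print(f"{who}: {cmd} ({reason})")
```

The rndc rule, which mirrors the -u example in gotcha 1, passes because it names one non-interactive command with fixed arguments.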
