Go to TogaWare.com Home Page.
GNU/Linux Desktop Survival Guide
by Graham Williams
Google

SUDO: Root Access


The sudo package allows a normal user to execute commands as root in a controlled manner.

Debian's sudo package has the password timeout set to 15 minutes. This means that when you first enter your password, as long as you don't wait more than 15 minutes between sudo commands, you won't have to enter it again. The password timeout can be immediately expired with sudo -k.

Debian's sudo is compiled with

  --with-exempt=sudo
  --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:...

As a consequence, the PATH of the user is ignored except if the user is in group sudo.

Adding users to the group sudo allows those users to execute sudo without a password but this is strongly discouraged.

Sudo allows a fairly fine grain of control. Note that inclusions (lists of specific commands/paths allowed, rather than rejected) is preferable. But be careful granting root access to commands with shell escapes.


Copyright © 1995-2006 Graham.Williams@togaware.com
Contribue and access the PDF Version