Sudo

`Sudo` is an enhanced alternative to the Unix `su` command.

Sudo stands for “su do,” and means “do something as the supervisor.”

Sudo’s Capabilities

Sudo allows system administrators to control who can run some (or all) commands as root. This ability to restrict users can be configured on a per-host basis, and is a much more flexible way of controlling what commands a user may perform.

Sudo allows users to perform certain, selected commands as if they were the UNIX root account, but because Sudo is customizable to give selective access by user, machine, and command, it saves a system administrator from having to give the root password to everyone at an office. It also removes the need to change the root password every time an employee or group member leaves.

Sudo also logs all commands and arguments, allowing a system administrator to see exactly who does what, and when they do it.  In combination with the aforementioned selective access features, Sudo can be a huge asset for Unix system security.

Installing, Configuring, and Using Sudo

Sudo is compatible with most varieties of Unix operating system, and the current stable release is Sudo 1.8.3p1. It can be downloaded at the Sudo website.

Sudo’s configuration file is called the sudoers file, and an example of its script can be found here, along with a complete explication of its syntax in the users manual, which can be found here.

Background on Sudo

Sudo is Unix freeware that has been developed and contributed to by many people over the last couple decades. It was conceived of and implemented by Bob Coggeshall and Cliff Spencer in 1980, and first posted to the Internet through the net.sources Usenet group newsgroup in December of 1985.  In 1993, Todd C. Miller took over maintenance of the ever-developing project, and he has remained in this position ever since.

sudo Example

This example uses the `whoami` command to show that `sudo` is working:

bash-2.05a$ sudo whoami
[sudo] password for will:
root