We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

What you most likely did not know about sudo…

Formal Metadata

Title
What you most likely did not know about sudo…
Title of Series
Number of Parts
490
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Everybody knows sudo, right? Sudo allows a system administrator to give certain users the ability to run some commands as root, while logging the executed commands and their arguments. It is installed by default on almost all Linux systems, and is available for most commercial UNIX systems. Still, even system administrators often only know it is the “prefix” to use before entering a command requiring root privileges. Learn how much more this simple looking tool can do! Everybody knows sudo, right? Sudo allows a system administrator to give certain users the ability to run some commands as root, while logging the executed commands and their arguments. It is installed by default on almost all Linux systems, and is available for most commercial UNIX systems. Still, even system administrators often only know it is the “prefix” to use before entering a command requiring root privileges. Learn how much more this simple looking tool can do! Most of the times the default configuration allows a group of users to run any commands: %wheel ALL=(ALL) ALL It’s a good first step, better than using the root account directly. This way you can trace who ran what commands on the system. But there are a lot more possibilities when configuring sudo, making your system more secure. Life is simple when when you have to give access a single user to a single command. But as soon as you have multiple users with the same access rights, it is not just shorter but also easier to maintain, if you use aliases. For added security, you can add a hash of binaries to sudo. This way if the binary changes for any reasons, like modifying it through a successful exploit, you can prevent it from being used.