Everybody knows sudo, right? Sudo allows a system administrator to give certain users the ability to run some commands as root, while logging the executed commands and their arguments. It is installed by default on almost all Linux systems, and is available for most commercial UNIX systems. Still, even system administrators often only know it is the “prefix” to use before entering a command requiring root privileges. Learn how much more this simple looking tool can do! Everybody knows sudo, right? Sudo allows a system administrator to give certain users the ability to run some commands as root, while logging the executed commands and their arguments. It is installed by default on almost all Linux systems, and is available for most commercial UNIX systems. Still, even system administrators often only know it is the “prefix” to use before entering a command requiring root privileges. Learn how much more this simple looking tool can do! Most of the times the default configuration allows a group of users to run any commands: %wheel ALL=(ALL) ALL It’s a good first step, better than using the root account directly. This way you can trace who ran what commands on the system. But there are a lot more possibilities when configuring sudo, making your system more secure. Life is simple when when you have to give access a single user to a single command. But as soon as you have multiple users with the same access rights, it is not just shorter but also easier to maintain, if you use aliases. For added security, you can add a hash of binaries to sudo. This way if the binary changes for any reasons, like modifying it through a successful exploit, you can prevent it from being used. |