A quick reference to...
O ne factor in the security of Linux is that you are usually running as a user without root privileges. However, there are times when you need those privileges, usually for administrative purposes, so you need to switch to the superuser (or root). This is traditionally done with the su (switch user) command, but that gives full root access, allowing the user to do anything that root could for as long as they are logged in. It also requires them to have the root password. Wouldn’t it be safer if users were only allowed to run as root for the commands they need? This is what sudo does. The configuration file, /etc/sudoers, contains a list of commands that each user is allowed to execute with root privileges. Running sudo somecommand prompts the user for their password and runs the command. It’s the user’s password that sudo needs, not the root password, you don’t need to divulge that to anyone. This, combined with the fact that only specified commands can be run, greatly improves security. This is the way Ubuntu works, which is why you don’t need a root password with it. A typical entry in /etc/sudoers may look like: nelz ALL = NOPASSWD: /bin/mount,/bin/
umount This lets the user nelz run mount or umount on all hosts. You can remove the need for them to enter a password like this nelz ALL = NOPASSWD: /bin/mount,/bin/ umount
Use this with care! You can define aliases for groups of users or commands to make administering a complex setup simpler. You should not edit /etc/sudoers directly, use
visudo , as root, to edit it. Contrary to the name, this doesn’t necessarily use vi to edit the file. The command checks the syntax of your edits before writing them to /etc/sudoers, so you don’t lock yourself out with a typo.