Is There a Good Way to Grant root Permissions on a Limited Basis?
Yes. sudo is a program that allows a given user to execute commands as though they were a user other than themselves (including root). This allows the system administrator to delegate the use of some programs that would otherwise only be executable by root.
When installed, the sudo program must have its SUID (set user id) bit set. Having the SUID bit set means that the Linux kernel will trust sudo to execute programs as root and to change a program’s UID (user id) during runtime.
The configuration file for sudo is /etc/sudoers. In short, it associates users with privileges. A privilege can be defined on three different levels. It describes what you can execute, as which users, and on what hosts. On top of that, users and privileges may also be aggregated into groups.
Due to the fact that the syntax can be tricky at times, it is strongly recommended that visudo be used to edit this file. visudo provides integrity checks that ensure that /etc/sudoers is never in an invalid state.
That having been said, let’s start with a simple example. The most generous level of privileges that could be bestowed is:
q ALL = (ALL) ALL
The word ALL is a special, context-sensitive alias that can mean three different things, depending on what part of a…
Please log in to view this content.
Not Yet a Member?
Register with LinuxMagazine.com and get free access to the entire archive, including:
