CHAPTER24

Compiling, Installing, Configuring, and Using sudo

The main job of any good Systems Administrator is to protect the root password. No matter how firm and diligent we are about protecting the root password, we always have the application-support group and DBAs wanting root access for one reason or another. But, alas, there is a way to give specific users the ability to run selected commands, or all commands, as the root user without the need to know the root password. Facilitating this restricted root access is a free software program called sudo, which stands for superuser do. In this chapter we are going to show how to compile, install, configure, and use the sudo program. You can download the current distribution at http://sudo.ws(www.sudo.org was already taken).

Because sudo is not a shell script you may be asking, “Why is sudo included in this book?” I am including the sudo chapter because I have not found any reference to sudo in any scripting book, and it is a nice tool to use. We will cover a short shell script at the end of this chapter showing how to use sudo in a shell script.

The Need for sudo

In UNIX the root user is almighty and has absolutely no restrictions. All security is bypassed, and anyone with root access can perform any task, with some possibly resulting in major damage to the system, without any restrictions at all. UNIX systems do not ask, “Are you sure?” They just run the command specified by the root user and assume you know what you are doing. ...