KBTAG: kben10000012
URL: http://www.securityportal.com/lskb/10000000/kben10000012.html
Date created: 14/03/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: sudo - a secure administrative access tool for Linux
Keywords: Administration/Tools, Administration/Root
To do almost any administrative function in Linux one requires root (privileged) access. Unfortunately the built-in mechanisms that can be used to grant this type of access are relatively weak. The primary tool is "su", which lets you run a shell as another user. Unfortunately you need the other user's password, so everyone you want to grant root access to will have the password and unrestricted access. A slightly more fine-grained tool is the setuid or setgid bit: if this is set on a file, then the file runs as the user or group that owns it (typically root). Managing file permissions, and ensuring there are no bugs in the program that can be used to gain full root access, is difficult at best. For an overview please see knowledge base article kben10000011.
Sudo gives a user setuid access to a program, and you can specify which hosts they are (or are not) allowed to log in from and still have sudo access. You can also specify which user a command will run as, giving you a relatively fine degree of control. Specify the hosts a user (or group) is allowed to log in from; that way, if someone breaks into their account from another system, they will not be able to use sudo immediately. Using full pathnames to binaries is advisable and can save you significant grief in the long run (e.g. if I give a user sudo access to "adduser", there is nothing to stop them from editing their PATH, copying bash to /tmp/adduser and grabbing control of the box).
Sudo is available for most distributions as a core package or a contributed package. Sudo allows you to define groups of hosts, groups of commands, and groups of users, making long-term administration simpler. Several examples:
# Give the user bob full access
bob ALL=(ALL) ALL

# Give the user charles access to reboot from the console
# (full pathname, as advised above; typical location, check your distribution)
charles localhost=(root) /sbin/reboot

# Create a group of users, a group of hosts, and allow them to shut down the server as the REBOOTUSER alias (admin)
Host_Alias WORKSTATIONS=localhost, station1, station2
User_Alias SHUTDOWNUSERS=bob, mary, jane
Cmnd_Alias REBOOT=/sbin/halt, /sbin/reboot, /bin/sync
Runas_Alias REBOOTUSER=admin
SHUTDOWNUSERS WORKSTATIONS=(REBOOTUSER) REBOOT
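The full-pathname advice above can be checked mechanically before a rule set is deployed. The following is an added example, not part of the original article or of sudo itself: a simplified sudoers linter that flags command entries without a full pathname, commands in world-writable directories, and unrestricted ALL grants. The names lint_sudoers, WRITABLE_DIRS and SAMPLE, and the sample rules, are assumptions made for illustration.

```python
import re

WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")  # assumed list, extend as needed
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")               # tags such as NOPASSWD:
RUNAS = re.compile(r"\([^)]*\)\s*")                   # runas part such as (root)

# Constructed sample: rules modelled on the article's examples but written
# with bare command names, plus one line (mary) that uses a /tmp path.
SAMPLE = """\
bob ALL=(ALL) ALL
charles localhost=(root) reboot
Cmnd_Alias REBOOT=halt, reboot, sync
Runas_Alias REBOOTUSER=admin
SHUTDOWNUSERS WORKSTATIONS=(REBOOTUSER) REBOOT
mary localhost=(root) /sbin/reboot, /tmp/adduser
"""

def lint_sudoers(text):
    """Return (line_no, message) for each risky command entry.
    Simplified parser: no line continuations, includes or #uid syntax."""
    aliases, entries = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("Defaults"):
            continue
        left, right = (s.strip() for s in line.split("=", 1))
        kind = left.split()[0]
        if kind.endswith("_Alias") and kind != "Cmnd_Alias":
            continue                      # user, host and runas aliases hold no commands
        if kind == "Cmnd_Alias":
            aliases.add(left.split()[1])
        else:
            right = RUNAS.sub("", right)  # user spec: drop the (runas) part
        cmds = (TAGS.sub("", c.strip()) for c in right.split(","))
        entries += [(no, c) for c in cmds if c]
    findings = []
    for no, cmd in entries:
        prog = cmd.split()[0].lstrip("!")
        if prog == "ALL":
            findings.append((no, "unrestricted ALL command grant"))
        elif prog in aliases:
            continue                      # judged where the alias is defined
        elif not prog.startswith("/"):
            findings.append((no, f"'{prog}' is not a full pathname"))
        elif prog.startswith(WRITABLE_DIRS):
            findings.append((no, f"'{prog}' is in a world-writable directory"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_sudoers(SAMPLE):
        print(f"line {no}: {msg}")
```

A check like this complements, and does not replace, validating the real file with visudo before it goes live.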
http://www.courtesan.com/sudo/