Users of the sudo command should take extra care to log out before walking away from their machines, since the command can be used again without a password prompt within a five-minute period. This setting can be altered in the configuration file, /etc/sudoers. To do this, open the terminal and enter:

# vi /etc/sudoers

Only users listed in the /etc/sudoers configuration file are allowed to use the sudo command and the command is executed in the user's shell, not a root shell. This means the root shell can be completely disabled.

The sudo command also provides a comprehensive audit trail. Each successful authentication is logged to the file /var/log/messages and the command issued along with the issuer's user name is logged to the file /var/log/secure.

To view the /var/log/messages and /var/log/secure files, enter:

# more -f /var/log/messages

# more -f /var/log/secure
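
The audit trail described above can be summarised rather than paged through. The following shell functions are an added example, not part of the original guide: they assume sudo's default syslog line format, the function names are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise sudo activity from a /var/log/secure-style log.

# Constructed sample lines in sudo's default syslog format (not real logs).
sample_log() {
cat <<'EOF'
Mar  3 09:14:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 09:15:40 host1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/yum update
Mar  3 09:16:11 host1 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
Mar  3 09:17:25 host1 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/visudo
Mar  3 09:18:00 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
EOF
}

# sudo_events: read a log on stdin, print "STATUS|user|run-as|command" per sudo event.
# A successful event has TTY= directly after the user name; anything else
# in that position is a failure reason logged by sudo, reported as DENIED.
sudo_events() {
  awk '
    / sudo[^ ]*: / && /COMMAND=/ {
      line = $0
      match(line, / sudo[^ ]*: +/)               # leftmost syslog tag
      line = substr(line, RSTART + RLENGTH)      # drop timestamp, host, tag
      sep = index(line, " : ")
      if (sep == 0) next
      user = substr(line, 1, sep - 1)
      rest = substr(line, sep + 3)
      status = (rest ~ /^TTY=/) ? "OK" : "DENIED"
      target = "?"
      if (match(rest, /USER=[^ ;]+/)) target = substr(rest, RSTART + 5, RLENGTH - 5)
      cmd = substr(rest, index(rest, "COMMAND=") + 8)
      print status "|" user "|" target "|" cmd
    }'
}

# sudo_denied: read a log on stdin, print "user count" for failed sudo attempts.
sudo_denied() {
  sudo_events | awk -F'|' '$1 == "DENIED" { c[$2]++ } END { for (u in c) print u, c[u] }' | sort
}

# Demo on the constructed sample; on a real system use: sudo_events < /var/log/secure
sample_log | sudo_events
```
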

Another advantage of the sudo command is that an administrator can allow different users access to specific commands based on their needs. Administrators wanting to edit the sudo configuration file, /etc/sudoers, should use the visudo command. Type the command:

# visudo -f /etc/sudoers

To give someone full administrative privileges, type visudo and add a line similar to the following in the user privilege specification section:

<username> ALL=(ALL) ALL

