11-30-2003, 10:28 AM
Welcome to LQ.

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the
sudoers file. The real and effective uid and gid are set to match those of the target user as specified
in the passwd file (the group vector is also initialized when the target user is not root). By default,
sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's
password, not the root password). Once a user has been authenticated, a timestamp is updated and the
user may then use sudo without a password for a short period of time (5 minutes unless overridden in

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v
flag a user can update the time stamp without running a command. The password prompt itself will also
time out if the user's password is not entered within 5 minutes (unless overridden via sudoers).

If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the
proper authorities, as defined at configure time or the sudoers file (defaults to root). Note that the
mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows
users to determine for themselves whether or not they are allowed to use sudo.

sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or
both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudo-
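
The logging behaviour quoted above can be reviewed with a small parser. This is an added example, not part of the original post or the sudo manual; it assumes the line layout sudo commonly writes through syslog, and the log lines, host, users and commands are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (assumed default sudo syslog layout; all values made up).
SAMPLE_LOG = """\
Nov 30 10:28:01 box sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Nov 30 10:29:10 box sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages
Nov 30 10:31:44 box sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -
Nov 30 10:32:02 box sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/sh
Nov 30 10:33:15 box sshd[811]: Accepted password for bob from 192.0.2.7 port 4022
"""

# "sudo:" tag (optionally with a pid), the invoking user, then " : " and the details.
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Return a dict for a sudo log line, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND= is the last field and may itself contain " ; ", so cut it off first.
    head, _, command = m.group("rest").partition("COMMAND=")
    event = {"user": m.group("user"), "reason": None, "COMMAND": command}
    for part in head.split(" ; "):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if sep and key.isupper():
            event[key] = value          # TTY, PWD, USER
        else:
            event["reason"] = part      # free-text failure reason
    # A successful run carries no reason text before the KEY=value fields.
    event["denied"] = event["reason"] is not None
    return event

def denied_by_user(log_text):
    """Count unsuccessful sudo attempts per invoking user."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event and event["denied"]:
            counts[event["user"]] += 1
    return counts

if __name__ == "__main__":
    for user, n in denied_by_user(SAMPLE_LOG).most_common():
        print(f"{user}: {n} unsuccessful sudo attempt(s)")
```
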