Using Sudo to Manage Administrators

The sudo command and capability (superuser do) can be a valuable tool when multiple users are responsible for managing parts of a server or servers. In particular, sudo is important when you need to restrain the use of ‘root’ and/or need to log all administrative actions and changes and would like a record of who did what.

My main preference for sudo is its expiring session (or ticket as GratiSoft calls it). Once switched into sudo for activity, the session expires after five minutes, or continues at five minute (can be modified) intervals as commands are executed. This allows for added security if an administrator leaves his or her workstation briefly as a root shell is not left open.

GratiSoft maintains an excellent web site on sudo (and sponsors the development of sudo) — (http://www.courtesan.com/sudo/sudo.html).

Through building a configuration file, a senior administrator can dole out system admin responsibilities through sudo, assigning what commands can be executed by username per host. In addition, being carried out in a multiple host environment, audit trail logging done on a centralized host as well as each systems localhost logs.

GratiSoft suggests correctly that one way to get more familiar with sudo is to review a sample configuration. They posted one such file here.

As sudo supports numerous platforms, this also works in mixed OS environments — see the supported platforms here.

Replay

Category: open source Time: 2004-10-09 Views: 1
Tags:

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.102 (s). 12 q(s)