Title: Secure administrative access tool for Linux - sudo

KBTAG: kben10000012
URL: http://www.securityportal.com/lskb/10000000/kben10000012.html
Date created: 14/03/2000
Date modified:
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: sudo - a secure administrative access tool for Linux
Keywords: Administration/Tools, Administration/Root

Summary:

To do almost any administrative function in Linux one requires root (privileged) access. Unfortunately the built in mechanisms that can be used to grant this type of access are relatively weak. The primary tool is "su" which lets you run a shell as another user, unfortunately you need the other user's password, so everyone you want to grant root access will have the password and unrestricted access. A slightly more fine grained tool is the setuid or setgid bit, if this is set on a file, then the file runs as the user or group that owns it (typically root). Managing file permissions, and ensuring there are no bugs in the program that can be used to gain full root access is difficult at best. For an overview please see knowledge base article kben10000011.

More information:

Sudo gives a user setuid access to a program, and you can specify which hosts they are allowed to login from (or not) and have sudo access. You can specify what user a command will run as, giving you a relatively fine degree of control. Specify the hosts a user (or group) is allowed to log in from, this way if someone breaks into their account from another system they will not be able to use sudo immediately. Using the full pathnames to binaries is advisable, it can save you significant grief in the long run (i.e. if I give a user sudo access to "adduser", there is nothing to stop them editing their path statement, and copying bash to /tmp/adduser and grabbing control of the box.).

Sudo is available for most distributions as a core package or a contributed package. Sudo allows you to define groups of hosts, groups of commands, and groups of users, making long term administration simpler. Several examples:

# Give the user ‘bob’ full access
bob ALL=(ALL) ALL
# Give the user charles access to reboot from the console
charles localhost=(root) reboot 
#Create a group of users, a group of hosts, and allow then to shutdown the server as root
Host_Alias WORKSTATIONS=localhost, station1, station2
User_Alias SHUTDOWNUSERS=bob, mary, jane
Cmnd_Alias REBOOT=halt, reboot, sync
Runas_Alias REBOOTUSER=admin
SHUTDOWNUSERS WORKSTATIONS=(REBOOTUSER) REBOOT

Downloads:

http://www.courtesan.com/sudo/