Sudo is not limited to self-restriction of privileged users. It is actually most powerful when enabling unprivileged users to perform specific privileged tasks. If certain users need to run certain processes with root permissions, without the need for root access to everything on the box, sudo is a perfect solution. It allows the specification of a full path to commands that users are allowed to run.
For example, let's say a junior security analyst on a team needs to perform packet captures from a Linux box using a tcpdump of various network traffic scenarios, but the analyst does not need to view certain other packet captures that reside on the box. The analyst needs root permissions to run tcpdump, but providing the root password is unadvisable. You can use sudo to enable tcpdump to function normally, and the user in question would only need his/her own login password. For instance, if the /etc/sudoers file contains the following entry, the lacky user can run /usr/sbin/tcpdump as root on the server overlord.
Lacky overlord = usr/sbin/tcpdump
For the sake of being comprehensive, the server argument is specified to allow a single sudoers file to provide the configuration for multiple servers from a shared network location. One of sudo's original specifications was that its configuration file could be centrally located and accessible from multiple machines on a network and that a single file could provide all of the user permissions for various servers. In this way, administrators have the option of creating and updating a single file in a single location, instead of making rounds to various machines.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.