The sudo
package allows a normal user to execute commands as
root in a controlled manner.
Debian's sudo
package has the password timeout set to 15
minutes. This means that when you first enter your password, as long
as you don't wait more than 15 minutes between sudo commands, you
won't have to enter it again. The password timeout can be immediately
expired with sudo -k .
Debian's sudo is compiled with
--with-exempt=sudo
--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:...
|
As a consequence, the PATH of the user is ignored except if the user
is in group sudo.
Adding users to the group sudo allows those users to execute
sudo without a password but this is strongly discouraged.
Sudo
allows a fairly fine grain of control. Note that
inclusions (lists of specific commands/paths allowed, rather than
rejected) is preferable. But be careful granting root access to
commands with shell escapes.
Copyright © 1995-2006 [email protected]
|