9.2.4 Working more safely – sudo
My usage of sudo
is mostly a protection from my own stupidity.
Personally, I consider using sudo
a better alternative to always
using the system as root.
Install sudo
and activate it by setting options in /etc/sudoers
. Also check out the
sudo group feature in /usr/share/doc/sudo/OPTIONS
.
The sample configuration provides "staff" group members access to any
commands run as root under sudo
and also gives "src"
members access to selected commands run as root under sudo
.
The advantage of sudo
is that it only requires an ordinary user's
password to log in, and activity is monitored. This is a nice way to give some
authority to a junior administrator. For example:
$ sudo chown -R myself:mygrp .
Of course if you know the root password (as most home users do), any command
can be run under root from a user account:
$ su -c "shutdown -h now"
Password:
(I know I should tighten the admin account's sudo
privileges. But
since this is my home server, I have not bothered yet.)
For a different program that allows ordinary users to run commands with root
privileges, see the super
package.