[X-Unix] Sudo as Another User

William H. Magill magill at mcgillsociety.org
Wed Feb 25 18:40:24 PST 2004


On 25 Feb, 2004, at 11:06, Alex wrote:
> On Wednesday, Feb 25, 2004, at 10:27 Canada/Eastern, Kevin Stevens 
> wrote:
>> [...] the non-admin user needs to be
>> a member of the "admin" group in order to be able to sudo. [...]
>
> So, if I understand you correctly, a non-admin user can't run sudo at 
> all, not even as another user. Right?

Others have touched on aspects of /etc/sudoers, but the thing to know 
about sudo is that it was developed for the purpose of allowing ANY 
user in ANY group to execute ANY command -- but only the command 
explicitly defined in the sudoers file.

It is NOT "just" a replacement for "su" - and it is NOT "just" for the 
purpose of obtaining root access. It can do those things, but it has 
much wider capabilities.

"man sudoers" for an extensive description of what you can do.
And visit the source for the sudoers manual:

http://www.courtesan.com/sudo/man/sudoers.html
     in particular see:
http://www.courtesan.com/sudo/intro.html

For example:
You can allow user X in group Y to execute command Z (AND ONLY COMMAND 
Z) as user Q.

This is used to allow Joe to run commands as user "dbadmin" so that he 
can modify the database engine.

"sudo" is a very powerful tool for administering any large system.

T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
# XP1000 - [Alpha EV6]
magill at mcgillsociety.org
magill at acm.org
magill at mac.com



More information about the X-Unix mailing list