[X-Unix] Sudo as Another User
William H. Magill
magill at mcgillsociety.org
Wed Feb 25 18:40:24 PST 2004
On 25 Feb, 2004, at 11:06, Alex wrote:
> On Wednesday, Feb 25, 2004, at 10:27 Canada/Eastern, Kevin Stevens
> wrote:
>> [...] the non-admin user needs to be
>> a member of the "admin" group in order to be able to sudo. [...]
>
> So, if I understand you correctly, a non-admin user can't run sudo at
> all, not even as another user. Right?
Others have touched on aspects of /etc/sudoers, but the thing to know
about sudo is that it was developed for the purpose of allowing ANY
user in ANY group to execute ANY command -- but only the command
explicitly defined in the sudoers file.
It is NOT "just" a replacement for "su" - and it is NOT "just" for the
purpose of obtaining root access. It can do those things, but it has
much wider capabilities.
"man sudoers" for an extensive description of what you can do.
And visit the source for the sudoers manual:
http://www.courtesan.com/sudo/man/sudoers.html
in particular see:
http://www.courtesan.com/sudo/intro.html
For example:
You can allow user X in group Y to execute command Z (AND ONLY COMMAND
Z) as user Q.
This is used to allow Joe to run commands as user "dbadmin" so that he
can modify the database engine.
"sudo" is a very powerful tool for administering any large system.
T.T.F.N.
William H. Magill
# Beige G3 - Rev A motherboard - 768 Meg
# Flat-panel iMac (2.1) 800MHz - Super Drive - 768 Meg
# PWS433a [Alpha 21164 Rev 7.2 (EV56)- 64 Meg]- Tru64 5.1a
# XP1000 - [Alpha EV6]
magill at mcgillsociety.org
magill at acm.org
magill at mac.com
More information about the X-Unix
mailing list