Sudo - a utility to allow restricted root access

Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis; it is not a replacement for the shell. Its features include: To get a good idea of what sudo can do, you really need to take a look at a sample sudoers file.

Availability

Sudo is currently available via anonymous ftp from the following locations: Sudo is also available on the web from the following locations: Send mail to sudo-bugs@courtesan.com if you wish to mirror sudo so we may include you in the above list. Mirrors should update from ftp.courtesan.com:/pub/sudo/

Binaries may be found at ftp.cs.colorado.edu:/pub/sudo/binaries. You should only use these if you are unable to build sudo yourself. Note that the binary distributions contain binaries only.

Beta versions of sudo may be found at ftp.cs.colorado.edu:/pub/sudo/beta/
If you are interested in running a beta version, please join the sudo-workers mailing list so that you will receive updates on bug fixes and new beta/gamma versions.

Current version

Currently the newest (non-BETA) sudo is version 1.5.6p2. There are no beta releases at this time.
For a full list of changes between versions 1.5.4 and 1.5.6 you should consult the CHANGES file that is included with the sudo distribution. A short summary of major changes is also available.
 

Documentation

The web page for sudo can be found at http://www.courtesan.com/sudo
HTML versions of the man pages for sudo, visudo, and the sudoers file are available. Also, please see the README, INSTALL, and TROUBLESHOOTING files.
Alek Komarnitsky has a nice slide show on how to use sudo in a large, heterogeneous environment.

Mailing lists

There are two mailing lists dedicated to sudo. The sudo-announce list is a moderated list that consists solely of new version announcements as well as bug fixes. The sudo-workers list is for people porting, hacking on, or generally improving sudo. It is also where the beta version announcements are sent. This is an unmoderated list. To subscribe to either list, simply send mail to majordomo@cs.colorado.edu with no subject and the following line in the body of the message: "subscribe LISTNAME" where LISTNAME is either sudo-announce or sudo-workers.
 

Authors

Many people have worked on sudo over the years. The current version of CU sudo consists of code written primarily by: Todd currently maintains sudo. For more details take a look at the abbreviated history of sudo.
 
 
 

Sample sudoers file

    # Host alias specification
    Host_Alias      HUB=houdini: REMOTE=merlin,kodiakthorn,spirit
    Host_Alias      SERVERS=houdini,merlin,kodiakthorn,spirit
    Host_Alias      CUNETS=128.138.0.0/255.255.0.0
    Host_Alias      CSNETS=128.138.243.0,128.138.204.0, 128.138.205.192

    # User alias specification
    User_Alias      FULLTIME=millert,dowdy,mikef
    User_Alias      PARTTIME=juola,mccreary,tor

    # Runas alias specification
    Runas_Alias     OP=root,operator

    # Command alias specification
    Cmnd_Alias      LPCS=/usr/etc/lpc,/usr/ucb/lprm
    Cmnd_Alias      SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
    Cmnd_Alias      SU=/bin/su
    Cmnd_Alias      MISC=/bin/rm,/bin/cat:SHUTDOWN=/etc/halt,/etc/shutdown

    # User specification
    FULLTIME        ALL=(ALL) NOPASSWD: ALL
    %wheel          ALL=ALL
    PARTTIME        ALL=ALL,!SHELLS,!SU
    +interns        +openlabs=ALL,!SHELLS,!SU
    britt           REMOTE=SHUTDOWN:ALL=LPCS
    jimbo           CUNETS=/bin/su ?*,!/bin/su root
    nieusma         SERVERS=SHUTDOWN,/etc/reboot: HUB=ALL,!SHELLS
    jill            houdini=/etc/shutdown -[hr] now,MISC
    markm           HUB=ALL,!MISC,!/etc/shutdown,!/etc/halt
    davehieb        merlin=(OP) ALL:SERVERS=/etc/halt: kodiakthorn=NOPASSWD: ALL
    steve           CSNETS=(operator) /usr/op_commands/
 

Host Alias specifications:

There are four host aliases. The first line actually contains two aliases: it sets HUB to be houdini and REMOTE to the three machines merlin, kodiakthorn and spirit. Similarly, SERVERS is set to the machines houdini, merlin, kodiakthorn and spirit. The CSNETS alias will match any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192 nets. The CUNETS alias will match any host on the 128.138.0.0 (class B) network. Note that these are network addresses, not IP addresses. Unless an explicit netmask is given, the local netmask is used to determine whether or not the current host belongs to a network.

User Alias specifications:

The two user aliases simply group the FULLTIME and PARTTIME folks into two separate aliases.

Command alias specifications:

Command aliases are lists of commands with or without associated command line arguments. The entries above should be self-explanatory.

User specifications:

    FULLTIME    Full-time sysadmins in the FULLTIME alias may run any command on any host as any user without a password.

    %wheel      Any user in the UN*X group wheel may run any command on any host.

    PARTTIME    Part-time sysadmins in the PARTTIME alias may run any command except those in the SHELLS and SU aliases on any host.

    +interns    Any user in the netgroup interns may run any command except those in the SHELLS and SU aliases on any host that is in the openlabs netgroup.

    britt       The user britt may run commands in the SHUTDOWN alias on the REMOTE machines and commands in the LPCS alias on any machine.

    jimbo       The user jimbo may su to any user save root on the machines on CUNETS (which is explicitly listed as a class B network).

    nieusma     The user nieusma may run commands in the SHUTDOWN alias as well as /etc/reboot on the SERVERS machines and any command except those in the SHELLS alias on the HUB machines.

    jill        The user jill may run /etc/shutdown -h now or /etc/shutdown -r now as well as the commands in the MISC alias on houdini.

    markm       The user markm may run any command on the HUB machines except /etc/shutdown, /etc/halt, and commands listed in the MISC alias.

    davehieb    The user davehieb may run any command on merlin as any user in the Runas_Alias OP (i.e., root or operator). He may also run /etc/halt on the SERVERS and any command on kodiakthorn (no password required on kodiakthorn).

    steve       The user steve may run any command in the /usr/op_commands/ directory as user operator on the machines on CSNETS.
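
The alias expansion that the explanations above carry out by hand can also be done mechanically. The following Python code is an added example, not part of sudo or of the original page; it parses a constructed subset of the sample file, and the names parse, parse_group, expand and items are hypothetical.

```python
import re
# Constructed input: a subset of the sample sudoers file shown above.
SUDOERS = """\
Host_Alias   HUB=houdini: REMOTE=merlin,kodiakthorn,spirit
Host_Alias   SERVERS=houdini,merlin,kodiakthorn,spirit
Runas_Alias  OP=root,operator
Cmnd_Alias   SHELLS=/bin/sh,/bin/csh,/bin/tcsh,/bin/ksh
Cmnd_Alias   SU=/bin/su
Cmnd_Alias   MISC=/bin/rm,/bin/cat:SHUTDOWN=/etc/halt,/etc/shutdown
PARTTIME     ALL=ALL,!SHELLS,!SU
jill         houdini=/etc/shutdown -[hr] now,MISC
davehieb     merlin=(OP) ALL:SERVERS=/etc/halt: kodiakthorn=NOPASSWD: ALL
"""
# A ':' starts a new entry only when a NAME= follows, so "NOPASSWD:" stays whole.
SEP = re.compile(r":(?=[^:=]+=)")
GROUP = re.compile(r"\s*(?P<hosts>[^=]+)=\s*(?:\((?P<runas>[^)]*)\))?"
                   r"\s*(?P<tag>NOPASSWD:)?\s*(?P<cmnds>.*)")

def items(text):
    return [x.strip() for x in text.split(",")]

def expand(names, aliases):
    """Replace alias names by their members, keeping a leading '!'."""
    return [("!" if n.startswith("!") else "") + m
            for n in names for m in aliases.get(n.lstrip("!"), [n.lstrip("!")])]

def parse_group(group, aliases):
    m = GROUP.match(group)
    cmnds = expand(items(m["cmnds"]), aliases)
    return {"hosts": expand(items(m["hosts"]), aliases),
            "runas": expand(items(m["runas"] or "root"), aliases),  # sudo defaults to root
            "nopasswd": m["tag"] is not None,
            "allow": [c for c in cmnds if not c.startswith("!")],
            "deny": [c[1:] for c in cmnds if c.startswith("!")]}

def parse(text):
    """Return {user: [entry, ...]} with every alias expanded."""
    aliases, specs = {}, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        head, rest = line.split(None, 1)
        if head.endswith("_Alias"):
            for part in SEP.split(rest):
                name, members = part.split("=", 1)
                aliases[name.strip()] = items(members)
        else:
            specs[head] = [parse_group(g, aliases) for g in SEP.split(rest)]
    return specs
```

Calling parse(SUDOERS)["davehieb"] returns three entries that match the davehieb explanation above. When auditing a file this way, note that an entry whose allow list is ALL and whose deny list is non-empty excludes only the exact paths listed.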