GNU/Linux Desktop Survival Guide by Graham Williams |
|||||
The sudo package allows a normal user to execute commands as root in a controlled manner.
Debian's sudo
package has the password timeout set to 15
minutes. This means that when you first enter your password, as long
as you don't wait more than 15 minutes between sudo commands, you
won't have to enter it again. The password timeout can be immediately
expired with sudo -k
.
Debian's sudo is compiled with
--with-exempt=sudo --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:... |
Adding users to the group sudo allows those users to execute sudo without a password but this is strongly discouraged.
Sudo allows a fairly fine grain of control. Note that inclusions (lists of specific commands/paths allowed, rather than rejected) is preferable. But be careful granting root access to commands with shell escapes.