Sudo1.9.12

Sudo allows a system administrator to delegate authority to give certain users the ability to run some commands as root or another user while providing an audit trail of the commands and their arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

Sudo features include:

The ability to restrict what commands a user may run on a per-host basis.

Sudo does copious logging of each command, providing a clear audit trail of who did what. When used in tandem with syslogd, the system log daemon, sudo can log all commands to a central host.

Sudo uses timestamp files to implement a "ticketing" system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes. Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.

Sudo's configuration file, the sudoers file, is setup in such a way that the same sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user's privileges on a per-host basis.