75.5 SUDO Admin Access

20201230 The sudo package allows a normal user to execute commands as the administrator (the root user) in a controlled manner.

To allow a user to access sudo add them to the sudo group:

$ sudo adduser kayon sudo

Debian’s sudo is compiled with

  --with-exempt=sudo
  --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:... 

As a consequence, the PATH of the user is ignored except if the user is in group sudo.

Sudo allows a fairly fine grain of control. Note that inclusions (lists of specific commands/paths allowed, rather than rejected) is preferable. But be careful granting root access to commands with shell escapes.



Your donation will support ongoing development and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2021 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0.