The sudo (super user do) command is a program for Unix / Linux operating systems that allows users to run programs with the security privileges of another user (the superuser, i.e. root, or any other user on the system).
The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to run. The commands can be run as user “root” or as any other user, as defined in the /etc/sudoers file. The privileged command must be prefixed with the word sudo, followed by the command’s regular syntax. The user may be prompted for a password, depending on the configuration. Once the user is authenticated, the command is executed only if the /etc/sudoers configuration file permits it. Sudo also provides an audit trail of the commands and their arguments.
How to download the sudo package
You can find the package by doing a patch search in the “Patches & Updates” section on support.oracle.com. Select the platform as “Oracle Solaris on SPARC” or “Oracle Solaris on x86” and download the patches: 16920595 (for x86) and 16920591 (for SPARC).
The sudo utility is composed of the following three packages:
SUNWsudor contains configuration files, which are installed in /etc directory.
SUNWsudou contains sudo binaries and documentation.
SUNWsudoS contains source code of sudo.
Installing sudo packages
The following procedure uses the SPARC platform as an example, but the steps are the same for the x86 platform. Once you have downloaded the 3 packages from the My Oracle Support site, place them in a temporary location and extract them:
# cd /tmp
# gunzip sudo-1.0-sudo.sparc.tar.gz
# tar xf sudo-1.0-sudo.sparc.tar
Install the packages in the order given below:
# pkgadd -d . SUNWsudor
# pkgadd -d . SUNWsudou
# pkgadd -d . SUNWsudoS
Configuring sudo
The /etc/sudoers file contains all the configuration details. The file can only be edited by the root user. To edit it, run the visudo command with no arguments. The visudo command opens the /etc/sudoers configuration file in a vi-style editor. It is recommended that only this command be used to modify the sudoers file, as the file may not be located in the same directory on all systems. visudo also prevents two users from editing the file at the same time and provides limited syntax checking.
Some of the most commonly used examples to understand how and which privileges can be configured via sudo are listed below.
Example 1 : run specific commands/script
The following sudoers entry, added with visudo, gives the user ‘oracle’ the privilege to run the script root.sh without the need to specify the password (NOPASSWD).
# visudo
oracle ALL = NOPASSWD: /u01/app/oracle/product/10.2/root.sh
Example 2 : run all commands
To allow the user to run all commands without being prompted for a password:
# visudo
username ALL=(ALL) NOPASSWD: ALL
Example 3 : Always ask for password to run all commands
# visudo
ALL ALL=(ALL) ALL
You can also define user/group aliases in the sudoers file. The /etc/sudoers file lists out many examples with explanations.
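NOPASSWD entries such as those in Examples 1 and 2 deserve a periodic review: a passwordless rule is only as safe as the file it points at, and a script the invoking user can modify lets that user change what runs with elevated privileges. The following script is an added example, not part of the original article or of the sudo distribution; the function name audit_sudoers is hypothetical, and it assumes one rule per line with absolute command paths and no aliases or line continuations.

```shell
#!/bin/sh
# Added example: audit NOPASSWD rules in a sudoers-format file.
# Assumption: one rule per line, absolute paths, no aliases/continuations.
# Usage: audit_sudoers FILE [EXPECTED_OWNER]   (owner defaults to root)
audit_sudoers() {
    owner=${2:-root}
    tab=$(printf '\t')
    # awk emits "user<TAB>command-path" for every command tagged NOPASSWD.
    awk '
        /^[ \t]*#/   { next }                   # skip comment lines
        !/NOPASSWD:/ { next }                   # only passwordless rules
        {
            cmds = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
            n = split(cmds, c, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(c[i], w, /[ \t]+/)        # w[1] is the path, rest are args
                if (w[1] != "") print $1 "\t" w[1]
            }
        }' "$1" |
    while IFS=$tab read -r who path; do
        if [ "$path" = "ALL" ]; then
            echo "HIGH $who: NOPASSWD covers ALL commands"
        elif [ ! -e "$path" ]; then
            echo "WARN $who: $path does not exist"
        elif [ -n "$(find -H "$path" -prune ! -user "$owner" -print)" ]; then
            echo "HIGH $who: $path is not owned by $owner"
        elif [ -n "$(find -H "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "HIGH $who: $path is group- or world-writable"
        fi
    done
}

# Constructed sample holding the three entries shown in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
oracle ALL = NOPASSWD: /u01/app/oracle/product/10.2/root.sh
username ALL=(ALL) NOPASSWD: ALL
ALL ALL=(ALL) ALL
EOF
audit_sudoers "$sample"
rm -f "$sample"
```

On a live system, run it as root against a copy of /etc/sudoers; the directories above each flagged script should be reviewed by hand as well, since the script checks only the file itself.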