Administrators often need to give users and developers enough access to manage a production or development application environment. In some cases root-level access is needed. For example, a web administrator needs to be able to start and stop web services, and in order to bind to port 80 the server must start as root. It is generally very undesirable to give applications people unrestricted root access, but it is also undesirable to have to constantly perform, on their behalf, all the various tasks that require root access.

The solution is sudo. With sudo, root access can be granted very granularly. For example, the web administrator needs to be able to start/stop apache and also needs to be able to "su" to the webadm user which was created to ease web administration. The following lines in the /etc/sudoers file would grant the appropriate access to anyone in the webadm group:

%webadm         dash1=NOPASSWD: /usr/bin/su - webadm, \
                                /usr/local/apache/bin/apachectl stop, \
                                /usr/local/apache/bin/apachectl start

Now anyone in the group webadm would be able to "sudo su - webadm" to become the webadm user. Also anyone in webadm can start or stop apache.
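To check exactly what this rule grants and what it refuses, the following added example (not part of the original page and not sudo's own code) models a simplified subset of sudoers matching in Python. The user name alice and the function names parse_rule and is_allowed are assumptions made for illustration; aliases, wildcards, Runas specifications and negation are not modelled.

```python
# The rule from the text above, including its backslash continuations.
RULE = r"""%webadm         dash1=NOPASSWD: /usr/bin/su - webadm, \
                                /usr/local/apache/bin/apachectl stop, \
                                /usr/local/apache/bin/apachectl start
"""

def parse_rule(text):
    """Parse one 'who host=[NOPASSWD:] cmd, cmd' entry (simplified subset)."""
    # A trailing backslash joins the next physical line onto this one.
    joined = " ".join(text.replace("\\\n", " ").split())
    who, rest = joined.split(None, 1)
    host, cmds = rest.split("=", 1)
    cmds = cmds.strip()
    nopasswd = cmds.startswith("NOPASSWD:")
    if nopasswd:
        cmds = cmds[len("NOPASSWD:"):]
    commands = []
    for spec in cmds.split(","):
        words = spec.split()
        # words[0] is the absolute path; the rest are the required arguments.
        commands.append((words[0], words[1:]))
    return {"who": who, "host": host.strip(),
            "nopasswd": nopasswd, "commands": commands}

def is_allowed(rule, user, groups, host, argv):
    """Return True if argv (absolute path plus arguments) is granted."""
    who = rule["who"]
    # A leading % means "members of this Unix group".
    subject_ok = who[1:] in groups if who.startswith("%") else who == user
    if not subject_ok or rule["host"] not in (host, "ALL"):
        return False
    for path, args in rule["commands"]:
        if argv[0] != path:
            continue
        # No arguments in the rule: any arguments are accepted.
        # Arguments in the rule: the user's arguments must match them.
        if not args or argv[1:] == args:
            return True
    return False

if __name__ == "__main__":
    rule = parse_rule(RULE)
    apachectl = "/usr/local/apache/bin/apachectl"
    for argv in ([apachectl, "stop"], [apachectl, "restart"],
                 ["/usr/bin/su", "-", "webadm"], ["/usr/bin/su", "-"]):
        # alice is a constructed user who belongs to the webadm group.
        print(" ".join(argv), "->", is_allowed(rule, "alice", {"webadm"}, "dash1", argv))
```

Because each command in the rule lists its arguments, "apachectl restart" and a bare "su -" (which would yield a root shell) are refused, while the three listed command lines are accepted.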

Another common use for sudo is to give junior administrators some limited access, and to let backup administrators perform tasks such as starting and stopping the backup software, installing the backup client, etc.

For additional information, please see the sudo main page at http://www.courtesan.com/sudo/.



