March 29, 2011
man 8 sudo

NAME

sudo, sudoedit - execute a command as another user

DESCRIPTION

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.  The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file (unless the -P option was specified).  If the invoking user is root or if the target user is the same as the invoking user, no password is required.  Otherwise, sudo requires that users authenticate themselves with a password by default.

In practice, sudo sucks.

I’ve been working in EC2 and automating servers with Chef for a number of years now. I always run as root. If I cannot run as root, the first thing I type is sudo -i, which opens a root shell. So in other words, I always run as root. In this context, what is the point of sudo? Partial root access probably. Odds have it you don’t need partial root access unless you’re calling from 1985 and you want to complain about not getting enough timeshare on the campus mainframe computer. So let’s rule that out. What is left? Passwords.

Users don’t want to hand around the root password. Seriously? Is this still a problem? If it is, the solution is called Public Key Infrastructure. You probably use SSH a lot, perhaps every day? SSH uses PKI. You can have your own password on your own key and it can be granted root access. If you want to use PKI for SSH in a more managed way, you can run Monkeysphere.
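If a key in root's authorized_keys replaces a sudoers entry, that file becomes the access-control list and deserves the same review sudoers gets: which networks each key may come from, whether it is pinned to one command, and whether it can open a PTY or forward ports. The example below is added here and is not code from the original post; it parses the authorized_keys line format documented in sshd(8) (optional comma-separated options, key type, base64 key, optional comment) and reports the restrictions each entry is missing. The sample file, its key material and the comment names are constructed.

```python
"""Audit an OpenSSH authorized_keys file for keys that lack restrictions.

Added example, not from the original post. Parses the authorized_keys line
format from sshd(8): [options] keytype base64-key [comment]. Option values may
be double-quoted and contain commas and spaces, so the file cannot simply be
split on whitespace. The SAMPLE below is constructed; the keys are not real.
"""

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}

# Options an operator would normally expect on a key that can log in as root.
# 'restrict' (newer OpenSSH) switches on every no-* option at once.
WANTED = ["from", "command", "no-port-forwarding", "no-agent-forwarding", "no-pty"]


def _split_first_field(line):
    """Return (first_field, remainder); whitespace inside double quotes does not split."""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 2                      # skip an escaped character inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""


def _parse_options(field):
    """Split 'a,b="x,y",c' into {'a': True, 'b': 'x,y', 'c': True}."""
    items, cur, in_quote, i = [], [], False, 0
    while i < len(field):
        c = field[i]
        if c == "\\" and in_quote:      # keep escaped characters verbatim
            cur.append(field[i:i + 2])
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        if c == "," and not in_quote:
            items.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    items.append("".join(cur))
    options = {}
    for item in items:
        if not item:
            continue
        name, has_value, value = item.partition("=")
        # option names are case-insensitive in sshd; strip the surrounding quotes
        options[name.lower()] = value.strip('"') if has_value else True
    return options


def parse_authorized_keys(text):
    """Return one dict per key entry; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first, rest = _split_first_field(line)
        if first in KEY_TYPES:          # no options field on this line
            options, rest = {}, line
        else:
            options = _parse_options(first)
        parts = rest.split(None, 2)
        if len(parts) < 2 or parts[0] not in KEY_TYPES:
            raise ValueError(f"line {lineno}: not an authorized_keys entry")
        entries.append({
            "line": lineno,
            "options": options,
            "type": parts[0],
            "key": parts[1],
            "comment": parts[2] if len(parts) == 3 else "",
        })
    return entries


def missing_restrictions(entry):
    """List the WANTED options this entry does not set (restrict covers the no-* ones)."""
    opts = entry["options"]
    missing = []
    for name in WANTED:
        if name in opts or (name.startswith("no-") and "restrict" in opts):
            continue
        missing.append(name)
    return missing


def audit(text):
    """Map each key's comment (or line number) to the restrictions it is missing."""
    return {e["comment"] or f"line {e['line']}": missing_restrictions(e)
            for e in parse_authorized_keys(text)}


# Constructed sample for root's authorized_keys; key material is fake.
SAMPLE = """\
# constructed sample authorized_keys for root; key material is fake
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyMaterial0000000000000000000 alice@laptop
from="10.0.0.0/8",no-port-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeKeyMaterial1111111111111111111 bob@bastion
restrict,from="192.0.2.10",command="/usr/local/bin/backup --server" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0fakekey backup@nas
"""

if __name__ == "__main__":
    for who, missing in audit(SAMPLE).items():
        print(f"{who}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```

Run against a real file with `audit(open("/root/.ssh/authorized_keys").read())`; an unrestricted interactive key (like alice's above) is exactly the case where sudoers would at least have logged the command, so a key that shows up with every restriction missing is the one to look at first.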

That is all.