sudo not only lets a unix user
execute commands as the
superuser, it lets you do so without knowing the
root password. Instead, you use your own password.
By default, the first time you use sudo, you get this little message:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Users are classified into different categories in a configuration file called the sudoers file. The sudo administrator can use this to give different groups of people different privileges. For example, while some users may be given complete power (an administrator type group) and therefore even be able to change the sudoers file, others may just have root access on certain boxes. Other users might only be given permission to execute certain commands.
Anyone who is not in the sudoers file, or perhaps tries to use sudo to do something they are not authorized to do, gets a little message also:
john is not in the sudoers file. This incident will be reported.
Sure enough, the administrator will get an e-mail with a Subject like "***important
SECURITY information for machinexyx***".
sudo also takes the step of logging every time anyone uses it. Of course, anyone given full root powers inside of sudo can bypass this by just doing a "sudo su -".
Finally, one other little do-dad is that sudo caches your password for a short amount of time. Therefore, if you use it several times in a short period, you do not have to type your password each time.