There is already a utility built-in to Linux and Unix systems called "sudo" that does exactly this. The sudo utility...
is a command line tool that allows users to have temporary root access with their own user ID without having to log in as root.
The other nice thing about sudo, besides that it's already available on the *nix family of systems, is its flexibility. Users are only allowed root access temporarily -- usually only the duration of their session -- and only to the functionality the sys-admin grants them. So, in other words, using sudo doesn't give the user free rein of the system where he or she might have unauthorized access or could cause damage to operating system files.
The sudo utility comes with a configuration file, "sudoers," which resides in the "/etc," where configuration files are stored in most Linux distributions. The "sudoers" configuration file specifies who can use sudo and what they're allowed to access. Specific users can be added as line entries to the configuration file.
The sudoers file can be configured manually but should be updated using a tool called "visudo." Otherwise, manual changes will be overwritten by visudo.
As for accountability, sudo logs all of its activity in a file called "sudo.log," which is usually located in the "/var/log" directory with other log files. The sudo log file lists the names of users who access sudo with a timestamp, as well as the host they logged in from and the commands that they used.
The sudo utility is the best option to allow root access by users with their own IDs and, at the same time, log their access and provide accountability for their activities.
- Learn how LDAP has evolved beyond Linux/Unix footprints.
- Read more tips on dealing with the challenges behind operational integeration of security and network management.
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.