The sudo command allows a user to run a command as root (or some other user). It has several benefits over su. It has a configuration file that can be used to restrict who has access, and what commands they have access to. It can be configured to not require (certain) users to enter root's password. It is also used to run individual commands, instead of giving the person a full shell command-line environment.
Install sudo:
# apt-get install sudo
Add a group named wheel, with a GID of 99:
# groupadd -g 99 wheel
TODO: Add any admin users to the wheel group. (vigr seems to be the easiest way.)
Edit /etc/sudoers (have to do it by running visudo) to look like this:
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL
www-data ALL=NOPASSWD: /etc/pcx-firewall/frontend/scripts/install
TODO: Remove the NOPASSWD: and replace it with (ALL) in a month or so to require passwords. The www-data line is just to document what we'd previously done.
Allowing sudo with no password should be limited as much as possible. Change /etc/sudoers for %wheel from "ALL=NOPASSWD: ALL" to "ALL=(ALL) ALL".
Note that if you allow a user to run a command as root, and the command allows them to shell out, they can then effectively run any command as root. So don't give access to things like vi, unless you give them access to ALL commands.
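An added example, not part of the original page: a small Python check that reads sudoers-style entries and reports the two risks described above, a passwordless ALL grant and a restricted user who is given a program that can shell out. The SHELL_ESCAPE list, the editor and listmgr users and their command paths are assumptions made for the illustration.

```python
import os
import re

# Assumed list (not from the page) of programs that can spawn a shell.
SHELL_ESCAPE = {"vi", "vim", "view", "less", "more", "man"}
SPEC = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_sudoers(text):
    """Return (line_no, who, issue) for risky one-line user specs (no aliases/includes)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, _hosts, rest = m.groups()
        nopasswd, cmds = False, []
        for cmd in (c.strip() for c in rest.split(",")):
            while (t := TAG.match(cmd)):      # tags persist for later commands
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                cmd = cmd[t.end():]
            cmds.append((cmd, nopasswd))
        # A user who already has ALL gains nothing extra from a shell escape.
        has_all = any(c == "ALL" for c, _ in cmds)
        for cmd, np in cmds:
            if cmd == "ALL" and np:
                findings.append((no, who, "NOPASSWD: ALL"))
            elif cmd and not cmd.startswith("!") and not has_all:
                prog = os.path.basename(cmd.split()[0])
                if prog in SHELL_ESCAPE:
                    findings.append((no, who, f"{prog} can shell out"))
    return findings

# Constructed sample: the page's three entries plus two hypothetical users.
SAMPLE = """\
root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL
www-data ALL=NOPASSWD: /etc/pcx-firewall/frontend/scripts/install
editor ALL=(ALL) /usr/bin/mailq, /usr/bin/vi /etc/aliases
listmgr ALL=(ALL) ALL, /usr/bin/less
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

The check is a simplification for reviewing a small hand-written file; visudo -c remains the authority on whether the syntax is valid.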
Add some limited commands for some users. For example, the editor should be able to check the mail queues. The list manager should be able to run the list management scripts.
Should we have used the existing sudo group (27) instead of adding a wheel group? How about staff (50)?
Consider Startup, Security, Testing, and Logging issues. Also, who gets credit for installation?