How to configure sudo in Debian or Ubuntu

2010-04-28, Posted in Configure | 4 replies


Introduction
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

Debian’s sudo package has the password timeout set to 15 minutes. This means that when you first enter your password, as long as you don’t wait more than 15 minutes between sudo commands, you won’t have to enter it again. The password timeout can be immediately expired with sudo -k.

Debian’s sudo is compiled with
--with-exempt=sudo
--with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:

As a consequence, the PATH of the user is ignored except if the user is in group sudo.

Installing SUDO in Debian
# apt-get install sudo
sudo is configured entirely through the file /etc/sudoers. This file controls the commands which users are allowed to run.
# vim /etc/sudoers
Add a line:
user ALL=(ALL) ALL

To run one command as root:
$ sudo command
For more commands, run your shell with sudo.
$ sudo sh (if sh is your shell)
Be careful when you are root. When you are done, type exit.
For more details about sudo options, check the sudo man page.

Some random sudo examples

# groups
User_Alias  ROOT = user1, user2, user3
User_Alias  WEBMASTERS = user4, user5, user6

# commands
Cmnd_Alias  APACHE = /usr/local/sbin/kickapache
Cmnd_Alias  TAIL = /usr/bin/tail
Cmnd_Alias  SHUTDOWN = /sbin/shutdown
Cmnd_Alias  APT = /usr/bin/apt-get, /usr/bin/dpkg

# privileges
ROOT        ALL = (ALL) ALL
WEBMASTERS  ALL = PASSWD: APACHE, TAIL
admin       ALL = NOPASSWD: /etc/init.d/apache
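
An added example, not part of the original post: a small sh/awk audit of rules like the ones above. It flags grants that go beyond the "as few privileges as possible" goal from the introduction: all commands, commands listed without arguments (which sudo accepts with any arguments), and NOPASSWD. The function names, the user4 rule and its log path are constructed for illustration, and a real file should still be syntax-checked with visudo -c.

```sh
# Added example, not from the original post. Scope: one-line Cmnd_Alias
# definitions and user specs; no "\" continuations or escaped commas.
audit_sudoers() {   # audit_sudoers FILE -> lines of "flags<TAB>who<TAB>command"
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(w, list, np,    part, m, j, c, flags) {
        m = split(list, part, ",")
        for (j = 1; j <= m; j++) {
            c = trim(part[j]); flags = ""
            if (c == "ALL")        flags = ",all-commands"
            else if (c !~ /[ \t]/) flags = ",any-args"  # no args listed: any accepted
            if (np)                flags = flags ",nopasswd"
            if (flags == "")       flags = ",ok"
            printf "%s\t%s\t%s\n", substr(flags, 2), w, c
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /^Defaults/ { next }
    $1 ~ /_Alias$/ {                            # only Cmnd_Alias is expanded
        name = $2; sub(/=.*/, "", name); body = $0; sub(/^[^=]*=/, "", body)
        if ($1 == "Cmnd_Alias") cmnd[name] = body
        next
    }
    {
        spec = $0; sub(/^[^=]*=/, "", spec)     # drop "user host ="
        gsub(/\([^)]*\)/, "", spec)             # drop (runas) lists
        nopass = 0; n = split(spec, item, ",")
        for (i = 1; i <= n; i++) {
            c = trim(item[i])
            # A tag applies to its command and is inherited by later ones.
            while (match(c, /^[A-Z_]+[ \t]*:[ \t]*/)) {
                if (c ~ /^NOPASSWD/) nopass = 1
                else if (c ~ /^PASSWD/) nopass = 0
                c = substr(c, RLENGTH + 1)
            }
            report($1, (c in cmnd) ? cmnd[c] : c, nopass)
        }
    }' "$1"
}
write_sample() {    # constructed input: rules from the post plus one tighter rule
    cat > "$1" <<'EOF'
Cmnd_Alias  APACHE = /usr/local/sbin/kickapache
Cmnd_Alias  TAIL = /usr/bin/tail
ROOT        ALL = (ALL) ALL
WEBMASTERS  ALL = PASSWD : APACHE, TAIL
admin       ALL = NOPASSWD : /etc/init.d/apache
user4       ALL = /usr/bin/tail -f /var/log/apache2/error.log
EOF
}
f=$(mktemp) && write_sample "$f" && audit_sudoers "$f"; rm -f "$f"
```

Only the constructed user4 rule comes out as "ok", because it is the only one that pins the command's arguments.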