1.3.1 Ensure sudo is installed


sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.

Note: Use the sudo-ldap package if you need LDAP support for sudoers


sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the sudo front end. The default security policy is sudoers, which is configured via the file /etc/sudoers.

The security policy determines what privileges, if any, a user has to run sudo. The policy may require that users authenticate themselves with a password or another authentication mechanism. If authentication is required, sudo will exit if the user's password is not entered within a configurable time limit. This limit is policy-specific.


Install sudo using the following command.

# apt install sudo


# apt install sudo-ldap

See Also


Item Details


References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Unix

Control ID: 1e0eb4bd2ca1f996e7febac2fe6d2c5e452d8a3d9246ea269b019346e70a35c8