Hiding Root with sudo
While the proper use of groups can almost eliminate the need for root access to edit files, that won’t help with commands that can be run only by root. You could set up a cron job to reload the name server each day at midnight, but every piece of software occasionally needs a manual restart. Because root is an all-or-nothing affair, people who have one minor task to perform have traditionally needed the root password.
sudo(8) and its associated tools, which implement fine-grained access control for commands that can be run only by particular users. When configured properly,
sudo lets normal users run specific programs as other users, including root. Configured improperly,
sudo permits full root access. I’ll ...