sudo
Sudo allows sysadmins to provide limited root privileges to specific users while logging root activity. It follows the principle of granting minimal privileges necessary for users to complete their tasks.
Description
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. It enables executing commands as another user, typically root, based on sudoers configuration.
Key components include cvtsudoers for converting sudoers file formats, sudo_logsrvd for handling sudo event and I/O logs on a server, sudo_sendlog for sending I/O logs to a remote server, sudoedit for editing files as another user, sudoreplay for replaying session logs, and visudo for safely editing the sudoers file. Transitional packages like libnss-sudo and sudo-ldap are noted as removed or migrated.
Use cases involve privilege management in Linux environments, auditing superuser actions, and secure administrative tasks. Related OffSec training covers sudo abuse in privilege escalation scenarios.
How It Works
Sudo checks user permissions via the sudoers file or LDAP, prompts for credentials if needed, and executes commands with elevated privileges while logging activity. It supports I/O logging transferable to remote servers via sudo_logsrvd and sudo_sendlog, with replay via sudoreplay. Components like visudo ensure safe sudoers edits, and cvtsudoers handles format conversions between JSON, LDIF, and sudoers.
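An added example (not from the original page or the sudo project): a small Python audit that reads sudoers-style user specifications and flags rules that grant more than the "as few privileges as possible" philosophy calls for. The sample rules, the `audit_sudoers` function and the issue labels are constructed for illustration, and the parser assumes one rule per line with no aliases, includes or line continuations.

```python
import re

# Constructed sample sudoers content for illustration (not from a real host).
SAMPLE_SUDOERS = """\
# constructed sample
Defaults  log_output
%admin    ALL=(ALL) NOPASSWD: ALL
deploy    web01=(root) /usr/bin/systemctl restart nginx
backup    ALL=(root) NOPASSWD: /usr/bin/rsync *
ops       ALL=(root) ALL, !/usr/bin/passwd root
"""

# Shape handled here: who host = (runas) [TAG: ...] cmd[, cmd ...]
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")
SKIP = re.compile(r"^(#|@include|Defaults|\w+_Alias\b)")

def audit_sudoers(text):
    """Return (line_number, who, issue) for rules that exceed least privilege."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = None if (not line or SKIP.match(line)) else SPEC.match(line)
        if not m:
            continue
        rest = m["rest"]
        tags = TAGS.match(rest)
        tag_text = tags.group(0) if tags else ""
        cmds = [c.strip() for c in rest[len(tag_text):].split(",")]
        issues = []
        if "NOPASSWD" in tag_text:
            issues.append("nopasswd")      # runs without re-authentication
        if "ALL" in cmds:
            issues.append("all-commands")  # unrestricted command set
        if any(c.startswith("!") for c in cmds):
            issues.append("negation")      # subtracting from ALL is generally not effective
        if any("*" in c for c in cmds):
            issues.append("wildcard")      # wildcard widens what the rule matches
        findings += [(lineno, m["who"], i) for i in issues]
    return findings

if __name__ == "__main__":
    for lineno, who, issue in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: {who}: {issue}")
```

The `deploy` rule, which names one host, one run-as user and one full command line, is the only sample rule that produces no finding.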
Installation
sudo apt install sudo
Flags
Examples
sudo -h
sudo -l
sudo -v
sudo -u user command
sudo -e file
cvtsudoers -h
sudo_logsrvd -h
sudo_sendlog --help