Organizations can no longer tolerate the security risks posed by intentional, accidental or indirect misuse of privileges. However, organizations need to provide the extended enterprise with necessary privileges within specified guidelines to do their job safely.Maybe I wasn't aware that people didn't know how to do this already, so I'll explain it here. In Unix and Linux systems, this is managed using the "sudo" command.
You will learn how to securely delegate privileges and authorization without disclosing the root password, including [...]
With sudo, a systems administrator can delegate the ability to run certain commands as though the user were root. (In Unix, root is the administrator of the system.) Only certain commands are allowed, as designated by the real systems administrator. You can even specify which command line options are permitted.
For example, in a corporate environment, a systems administrator often just manages the operating system, and a separate web server administrator is in charge of managing the technical components of a web site. We do this where I work. So root can set up sudo so the web server administrator can start, stop, and restart the "httpd" service. That's all the web server administrator can do - they can't do anything else as root.
Most importantly, sudo allows you to share access to specific users. So users ben and mike can restart a web server, because they're the only people on the web server administrator team - but not users fred or sharon.
The ben user would type this at the "$" command line prompt:
$ sudo service httpd restartOr maybe the systems administrator set up a single command to restart the web server. In that case, the command might be:
$ sudo web-restartOn my personal Linux system, I never login as root anymore, so I use sudo for those (rare) times that I need to do something "administrative" at the command line. (I don't often work at the command line these days, but sometimes I like to exercise my "sysadmin" background.)
In my case, I configured the sudo command (/etc/sudoers) to allow my general user login to run any command as root, but only if I provide my password. It's easy! You can also set up sudo to not require a password for certain users or for certain commands, but I prefer to require a password - if only to remind me that I'm about to become the root user.
For when you're working in the GUI, Linux uses PolicyKit to do something similar. That's why you can change the date and time on a Linux desktop without having to login as root.
Note that Windows has something similar to sudo, called runas ("Run As"). In Windows Vista and Windows 7, this is User Account Control, or "UAC". But runas (or UAC) is actually less secure than sudo. When you want to run an "administrative" command using runas, you will be prompted to provide the password for Administrator. So to delegate authority and privilege to your users, everyone needs to have shared access to the Administrator password.
I guess that's another way in which Linux does things a bit better.