We stand with Ukraine to help keep people safe. Join us
All Apps
Best AppsReviewsComparisonsHow-To
When you purchase through links on our site, we may earn an affiliate commission

Sudo for Mac

Run programs with security privileges of another user.

Free
In English
Version 1.8.27
1.0
Based on 1 user rate

Sudo overview

Sudo (su "do") allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

Its features include:
  • The ability to restrict what commands a user may run on a per-host basis.
  • Sudo does copious logging of each command, providing a clear audit trail of who did what. When used in tandem with syslogd, the system log daemon, Sudo can log all commands to a central host (as well as on the local host). At CU, all admins use Sudo in lieu of a root shell to take advantage of this logging.
  • Sudo uses timestamp files to implement a "ticketing" system. When a user invokes Sudo and enters their password, they are granted a ticket for 5 minutes (this timeout is configurable at compile-time). Each subsequent Sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.
  • Sudo's configuration file, the Sudoers file, is setup in such a way that the same Sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user's privileges on a per-host basis. Please see the samples Sudoers file below for a real-world example.

Note: While the software is classified as free, it is actually donationware. Please consider making a donation to help support development.

What’s new in version 1.8.27

Version 1.8.7:
  • On HP-UX, sudo will now update the utmps file when running a command in a pseudo-tty. Previously, only the utmp and utmpx files were updated.
  • Nanosecond precision file time stamps are now supported on HP-UX.
  • Fixes and clarifications to the sudo plugin documentation.
  • The sudo manuals no longer require extensive post-processing to hide system-specific features. Conditionals in the roff source are now used instead. This fixes corruption of the sudo manual on systems without BSD login classes. Bug #861.
  • If an I/O logging plugin is configured but the plugin does not actually log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
  • The fix for bug #843 in sudo 1.8.24 was incomplete. If the user's password was expired or needed to be updated, but no sudo password was required, the PAM handle was freed too early, resulting in a failure when processing PAM session modules.
  • In visudo, it is now possible to specify the path to sudoers without using the -f option. Bug #864.
  • Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file would not be updated when a command was run in a pseudo-tty. Bug #865.
  • Sudo now sets the silent flag when opening the PAM session except when running a shell via sudo -s or sudo -i. This prevents the pam_lastlog module from printing the last login information for each sudo command. Bug #867.
  • Fixed the default AIX hard resource limit for the maximum number of files a user may have open. If no hard limit for nofiles is explicitly set in /etc/security/limits, the default should be unlimited. Previously, the default hard limit was 8196.
  • Sudo now sets the silent flag when opening the PAM session except when running a shell via sudo -s or sudo -i. This prevents the pam_lastlog module from printing the last login information for each sudo command. Bug #867.
  • Fixed the default AIX hard resource limit for the maximum number of files a user may have open. If no hard limit for nofiles is explicitly set in /etc/security/limits, the default should be unlimited. Previously, the default hard limit was 8196.

Sudo for Mac

Free
In English
Version 1.8.27
Write a detailed review about Sudo

Write your thoughts in our old-fashioned comment

MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
1.0

(4 Reviews of Sudo)

  • Comments

  • User Ratings

sjakubiec
sjakubiec
Aug 30 2013
1.8.7
0.0
Aug 30 2013
0.0
Version: 1.8.7
I would recommend doing the following fix more than replacing or altering permissions on sudo. From command prompt: If you have BBEdit: bbedit /etc/sudoers Or if you use TextWrangler: edit /etc/sudoers If you have neither: sudo visudo Add the following line to the Defaults (after the last one) (Which should be Defaults env_keep += "HOME MAIL") Defaults timestamp_timeout=0 Save it and now sudo will always prompt for a password.
SickTeddyBear
SickTeddyBear
Aug 30 2013
1.8.7
1.0
Aug 30 2013
1.0
Version: 1.8.7
I just submitted a change to this entry so that it would become the official listing for sudo, and it has been approved. Now, read this important article about a vulnerability in the out of date versions of sudo that are included with OS X: http://arstechnica.com/security/2013/08/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time/ Until Apple provides a security update, the easiest way to fix this is to install a copy of sudo using the links in this entry (or via a package manager such as MacPorts), and then overwrite the Apple included sudo binary so that it can't be invoked. If you use one of the package installers, the sudo binary will be placed in /usr/local/bin. After installing, to patch your system, enter at a terminal prompt: /usr/local/bin/sudo chmod u+w /usr/bin/sudo /usr/local/bin/sudo cp -p /usr/local/bin/sudo /usr/bin /usr/local/bin/sudo chmod a-w,go-r /usr/bin/sudo If you've installed sudo via MacPorts, then the commands would be: /opt/local/bin/sudo chmod u+w /usr/bin/sudo /opt/local/bin/sudo cp -p /opt/local/bin/sudo /usr/bin /opt/local/bin/sudo chmod a-w,go-r /usr/bin/sudo As I said, Apple will eventually provide an updated sudo binary, but to fix it right now, the system sudo needs to be replaced.
SickTeddyBear
SickTeddyBear
Nov 14 2010
1.7.4p
1.0
Nov 14 2010
1.0
Version: 1.7.4p
Is this some kind of joke? This is not the official sudo distribution! You would have to be clinically insane to install some third-party build of such a critical piece of your security infrastructure! The official sudo web site is here: http://www.sudo.ws If you absolutely must mess around and replace sudo on your machine, then download it from there only and build it yourself, or use MacPorts. I can't even believe the insanity of this listing.
Cgc
Cgc
Nov 14 2010
1.7.4p
0.0
Nov 14 2010
0.0
Version: 1.7.4p
How is this different than the SUDO command that's built-in to the Terminal and OSX? I'm a little leery of something like this...but maybe I'm overlooking something.
SickTeddyBear
SickTeddyBear
Nov 14 2010
1.0
Nov 14 2010
1.0
Version: null