Running commands by impersonating the root is possible in Linux distributions. You can simply use the su command and type in the root password to open a shell with highest available privileges. This method has some disadvantages because you are not able to record any system changes performed by users and you cannot track them in time.
There is another way in which you can allow users to run commands as root by using the sudo command. Any command executed with sudo is recorded by the syslog service and can be tracked later. Privileges must be configured previously before a user can access certain commands. These permissions are configured in the /etc/sudoers file. Here is the output of this file on a standard CentOS machine:
Always use the visudo command to edit the sudoers files!
The file offers descriptive lines for each command and you can check out the manpage to find out further options regarding sudo command. I’ve created a test user named danp and granted access to all commands on the Centos01 server (danp Centos01=(ALL) ALL). The line below would allow this user to execute all commands on all machines.
%adm ALL=(ALL) ALL – allows users from the adm group to run any commands on any host
With visudo you can set custom hosts, users, groups, commands that can be executed and really control the way users interact with network servers.