Sudo
Sudo
1.8.27

1.0

Sudo free download for Mac

Sudo

1.8.27
02 July 2019

Run programs with security privileges of another user.

Overview

Sudo (su "do") allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell.

Its features include:
  • The ability to restrict what commands a user may run on a per-host basis.
  • Sudo does copious logging of each command, providing a clear audit trail of who did what. When used in tandem with syslogd, the system log daemon, Sudo can log all commands to a central host (as well as on the local host). At CU, all admins use Sudo in lieu of a root shell to take advantage of this logging.
  • Sudo uses timestamp files to implement a "ticketing" system. When a user invokes Sudo and enters their password, they are granted a ticket for 5 minutes (this timeout is configurable at compile-time). Each subsequent Sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.
  • Sudo's configuration file, the Sudoers file, is setup in such a way that the same Sudoers file may be used on many machines. This allows for central administration while keeping the flexibility to define a user's privileges on a per-host basis. Please see the samples Sudoers file below for a real-world example.

Note: While the software is classified as free, it is actually donationware. Please consider making a donation to help support development.

What's new in Sudo

Version 1.8.7:
  • On HP-UX, sudo will now update the utmps file when running a command in a pseudo-tty. Previously, only the utmp and utmpx files were updated.
  • Nanosecond precision file time stamps are now supported on HP-UX.
  • Fixes and clarifications to the sudo plugin documentation.
  • The sudo manuals no longer require extensive post-processing to hide system-specific features. Conditionals in the roff source are now used instead. This fixes corruption of the sudo manual on systems without BSD login classes. Bug #861.
  • If an I/O logging plugin is configured but the plugin does not actually log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
  • The fix for bug #843 in sudo 1.8.24 was incomplete. If the user's password was expired or needed to be updated, but no sudo password was required, the PAM handle was freed too early, resulting in a failure when processing PAM session modules.
  • In visudo, it is now possible to specify the path to sudoers without using the -f option. Bug #864.
  • Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file would not be updated when a command was run in a pseudo-tty. Bug #865.
  • Sudo now sets the silent flag when opening the PAM session except when running a shell via sudo -s or sudo -i. This prevents the pam_lastlog module from printing the last login information for each sudo command. Bug #867.
  • Fixed the default AIX hard resource limit for the maximum number of files a user may have open. If no hard limit for nofiles is explicitly set in /etc/security/limits, the default should be unlimited. Previously, the default hard limit was 8196.
  • Sudo now sets the silent flag when opening the PAM session except when running a shell via sudo -s or sudo -i. This prevents the pam_lastlog module from printing the last login information for each sudo command. Bug #867.
  • Fixed the default AIX hard resource limit for the maximum number of files a user may have open. If no hard limit for nofiles is explicitly set in /etc/security/limits, the default should be unlimited. Previously, the default hard limit was 8196.

Join over 500,000 subscribers.

Subscribe for our newsletter with best Mac offers from MacUpdate.

4 Sudo Reviews

Rate this app:

Cgc
13 November 2010

Most helpful

How is this different than the SUDO command that's built-in to the Terminal and OSX? I'm a little leery of something like this...but maybe I'm overlooking something.
Like (5)
Version 1.7.4p
sjakubiec
30 August 2013
I would recommend doing the following fix more than replacing or altering permissions on sudo. From command prompt: If you have BBEdit: bbedit /etc/sudoers Or if you use TextWrangler: edit /etc/sudoers If you have neither: sudo visudo Add the following line to the Defaults (after the last one) (Which should be Defaults env_keep += "HOME MAIL") Defaults timestamp_timeout=0 Save it and now sudo will always prompt for a password.
Like
Version 1.8.7
SickTeddyBear
30 August 2013
I just submitted a change to this entry so that it would become the official listing for sudo, and it has been approved. Now, read this important article about a vulnerability in the out of date versions of sudo that are included with OS X: http://arstechnica.com/security/2013/08/unpatched-mac-bug-gives-attackers-super-user-status-by-going-back-in-time/ Until Apple provides a security update, the easiest way to fix this is to install a copy of sudo using the links in this entry (or via a package manager such as MacPorts), and then overwrite the Apple included sudo binary so that it can't be invoked. If you use one of the package installers, the sudo binary will be placed in /usr/local/bin. After installing, to patch your system, enter at a terminal prompt: /usr/local/bin/sudo chmod u+w /usr/bin/sudo /usr/local/bin/sudo cp -p /usr/local/bin/sudo /usr/bin /usr/local/bin/sudo chmod a-w,go-r /usr/bin/sudo If you've installed sudo via MacPorts, then the commands would be: /opt/local/bin/sudo chmod u+w /usr/bin/sudo /opt/local/bin/sudo cp -p /opt/local/bin/sudo /usr/bin /opt/local/bin/sudo chmod a-w,go-r /usr/bin/sudo As I said, Apple will eventually provide an updated sudo binary, but to fix it right now, the system sudo needs to be replaced.
Like (1)
Version 1.8.7
SickTeddyBear
13 November 2010
Is this some kind of joke? This is not the official sudo distribution! You would have to be clinically insane to install some third-party build of such a critical piece of your security infrastructure! The official sudo web site is here: http://www.sudo.ws If you absolutely must mess around and replace sudo on your machine, then download it from there only and build it yourself, or use MacPorts. I can't even believe the insanity of this listing.
Like (5)
Version 1.7.4p
4 answer(s)
Hotodi
Hotodi
13 November 2010
Its a newer version of the sudo command. OS X comes with 1.7.0 and it freeze all the time my machine :( I got bunch of idle threads and ended often up into rebooting :( So it was very annoying for me, thats the reason i compiled a newer version. Beside this i decide to do it in 64 Bit finally. There is nothing insane on that, sorry. Developers can download and compile thereselfes, just users who need it once a while might not be possible, this is the target group for the files. There is nothing hacked into it, if you want i can mail you the tree i used (which btw is 1:1 the one from the website you pointed to) Thx, Bernd
Like (4)
Version 1.7.4p
SickTeddyBear
SickTeddyBear
14 November 2010
Users who don't even know how to build from source should not be messing with sudo. This is a solution that will lead to a problem.
Like (5)
Version 1.7.4p
Psychos
Psychos
14 November 2010
Sorry, but I have to agree with the above. Not sure why the original comment I'm replying to got voted down so much. This is an important piece of OS infrastructure that the average user should not be messing with. Unix-savvy users can compile their own upgraded sudo if they want to, from official source, Fink, or MacPorts. I do not believe it is a good idea for people to be installing 3rd party versions of integral components like sudo. Now, I'm not completely against providing an upgraded version of sudo. However, the description should VERY clearly state that this is simply an updated version of sudo, compiled from newer official sources than what Apple currently provides, and state what major differences are present from the Apple-supplied version. The description here absolutely does not do so.
Like (5)
Version 1.7.4p
Hotodi
Hotodi
14 November 2010
I had the description in, so i dont know why it is not in. Also with Links.... The Changelog is here: http://www.sudo.ws/sudo/changes.html And to clear it, it is the 64Bit Version of the ORIGINAL Sourcecode without modifications!
Like (2)
Version 1.7.4p
Cgc
13 November 2010
How is this different than the SUDO command that's built-in to the Terminal and OSX? I'm a little leery of something like this...but maybe I'm overlooking something.
Like (5)
Version 1.7.4p
1 answer(s)
ultratiem
ultratiem
13 November 2010
It's just a newer version. 10.6.5 ships with sudo 1.7.0. But unless you really need to be bleeding edge (requiring a fix found only in the updated version), I'd advise general users to stay clear. Installing such a mission critical (and a potentially security breech) program from an untrusted source is not advisable.
Like (9)
Version 1.7.4p