SUDO Command
What is the use of SUDO command?
|
Sudo or su is used to do root task without login as root
|
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5
minutes unless overridden in sudoers). |
sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered within 5
minutes (unless overridden via sudoers). If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo. |
sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
|
not much except opining a possible security hole .
i have never found a use for it |
I have always been annoyed with the whole idea of sudo---especially with Ubuntu and its progeny which disable root by default. I don't understand why one cannot simply "su" to root when they need to do something. (I'm assuming the situation where one is using the CLI-----In a GUI, being asked for an administrator password is certainly fine.....)
|
sudo is a great hole in the security of the system. User mustn't have permittion to work as root without root password. Sudo just makes it easy to crash your system with lame hands :) Use 'su' and you will have nobody to blame except of yourself.
|
Interesting...
At a conference, I was needling a Ubuntu rep. about this issue. He argued that sudo and "no-root-user" made for BETTER security. I did not understand his rationale and have now forgotten it. I am a traditionalist: The user(s) and the admin should be different--different passwords, different prompts in a terminal, etc. |
Yes, SUDO is meant for better security. I can think of some advantages:
1. User doesn't have to know the root password as she types her own password for sudo authentication. 2. Limit users to run specific commands with root privileges as opposed to a whole set of commands when su-ing to root. 3. Better auditing, SUDO allows logging all root-privilged commands executed using SUDO, ofcourse that includes who did what. 4. allows a user to securely run commands as another user WITHOUT knowing the other account password, which is a great help if for example the Operations group wanted to start/stop an application using some other support personnel account. I work for a very big enterprise and we use SUDO for all the above tasks. Regards, GeEk.KsA |
Quote:
I think the issue is do we prefer the Debian/Fedora type set up (no default sudo privileges) or the buntu system (no default root account). I would go with the former but then I'm a long time Debian user. The second issue is: do we encourage or disencourage the use of sudo by newbies? In the end people can and should do what they want but it would be nice to hear the downside of sudo use. Cheers, jdk |
A root account of some kind is simply a fact of life in Linux. The problem I've got with the *buntu approach is that you actually do assign root privileges to a user account without really understanding why or what they are used for. To be honest, I see little difference between the way *buntu approach admin privileges and the way Windows approaches it. And you can see how well that has worked out for Windows.
The *buntu approach also completely bastardizes the use of sudo. It was intended to give limited and specific access to root commands, but the way *buntu implements it, it gives root access to ALL commands. To be honest, I don't understand how someone can claim Ubuntu's approach reduces security risk. They are creating a generation of Linux users used to essentially running as root all the time and we all know that is a recipe for disaster. |
Quote:
Quote:
|
Quote:
Quote:
Quote:
|
Quote:
Things get really interesting when user X is an employee in a company where permissions are set up by an administrator. In this situation, sudo allows for more fire-grained control than su. Quote:
Quote:
Quote:
Quote:
Quote:
|
All times are GMT -5. The time now is 06:22 AM. |