LinuxQuestions.org


gautamshaw 06-26-2009 11:36 PM

SUDO Command
 
What is the use of the SUDO command?

ronlau9 06-26-2009 11:46 PM

Sudo or su is used to do root tasks without logging in as root.

vap16oct1984 06-27-2009 12:00 AM

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).

vap16oct1984 06-27-2009 12:03 AM

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered within 5 minutes (unless overridden via sudoers).

If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo.

vap16oct1984 06-27-2009 12:05 AM

sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
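
An added example, not part of the original thread: a small parser that separates successful sudo runs from refused attempts in the log records described above. The sample lines, host name, user names and paths are constructed; the layout is the one sudo uses for its syslog entries.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread) in sudo's syslog layout.
SAMPLE_LOG = """\
Jun 27 04:29:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=appsvc ; COMMAND=/opt/myapp/bin/appctl stop
Jun 27 04:31:12 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun 27 04:33:40 web1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/id
Jun 27 04:35:02 web1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/visudo
Jun 27 04:36:00 web1 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
"""

# "sudo:" or "sudo[pid]:", then the invoking user, then " : " and the fields.
LINE_RE = re.compile(r"\bsudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : (?P<body>.*)$")


def parse_sudo_line(line):
    """Return a dict for one sudo command record, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # COMMAND is the last field in this layout and may itself contain " ; ".
    head, sep, command = m.group("body").partition("COMMAND=")
    if not sep:
        return None
    rec = {"invoker": m.group("invoker"), "command": command, "error": None}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            # TTY, PWD, USER (the target account) and similar KEY=value fields.
            rec["run_as" if key == "USER" else key.lower()] = value
        else:
            # Free text such as "user NOT in sudoers" marks a refused attempt.
            rec["error"] = part
    return rec


def audit(log_text):
    """Return (allowed, denied) lists of records found in log_text."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is not None:
            (denied if rec["error"] else allowed).append(rec)
    return allowed, denied


def denied_by_user(log_text):
    """Count refused sudo attempts per invoking user."""
    return Counter(rec["invoker"] for rec in audit(log_text)[1])
```

On a real system the input would be the file that receives sudo's syslog messages, which varies by distribution.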

John VV 06-27-2009 12:24 AM

Not much except opening a possible security hole.
I have never found a use for it.

pixellany 06-27-2009 03:13 AM

I have always been annoyed with the whole idea of sudo---especially with Ubuntu and its progeny which disable root by default. I don't understand why one cannot simply "su" to root when they need to do something. (I'm assuming the situation where one is using the CLI-----In a GUI, being asked for an administrator password is certainly fine.....)

reccursive 06-27-2009 03:41 AM

sudo is a great hole in the security of the system. A user mustn't have permission to work as root without the root password. Sudo just makes it easy to crash your system with lame hands :) Use 'su' and you will have nobody to blame except yourself.

pixellany 06-27-2009 04:05 AM

Interesting...
At a conference, I was needling a Ubuntu rep. about this issue. He argued that sudo and "no-root-user" made for BETTER security. I did not understand his rationale and have now forgotten it.

I am a traditionalist: The user(s) and the admin should be different--different passwords, different prompts in a terminal, etc.

geek.ksa 06-27-2009 04:29 AM

Yes, SUDO is meant for better security. I can think of some advantages:

1. User doesn't have to know the root password as she types her own password for sudo authentication.
2. Limit users to run specific commands with root privileges as opposed to a whole set of commands when su-ing to root.
3. Better auditing: SUDO allows logging all root-privileged commands executed using SUDO; of course, that includes who did what.
4. Allows a user to securely run commands as another user WITHOUT knowing the other account's password, which is a great help if, for example, the Operations group wanted to start/stop an application using some other support personnel account.

I work for a very big enterprise and we use SUDO for all the above tasks.

Regards,
GeEk.KsA
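
The four points in the post above, written out as a sudoers fragment. This is an added example, not part of the original thread; the user names, the appsvc account, the file name and the /opt/myapp paths are hypothetical.

```sudoers
# Constructed example; install with: visudo -f /etc/sudoers.d/ops
# User names, the appsvc account and the /opt/myapp paths are hypothetical.

# Who: the operations staff.
User_Alias  OPS = alice, bob

# What: a closed set of commands, each with a full path and fixed arguments.
Cmnd_Alias  APP_CTL = /opt/myapp/bin/appctl start, \
                      /opt/myapp/bin/appctl stop

# Points 1, 2 and 4: OPS members authenticate with their own password and may
# run only APP_CTL, and only as the appsvc account (never as root).
OPS  ALL = (appsvc) APP_CTL

# Point 3: log every sudo invocation to a file in addition to syslog.
Defaults  logfile=/var/log/sudo.log

# Ask for the password again after 5 minutes of inactivity.
Defaults:OPS  timestamp_timeout=5

# For contrast, a blanket grant: carol may run any command as any user.
# carol  ALL = (ALL) ALL
```

A member of OPS would run `sudo -u appsvc /opt/myapp/bin/appctl stop`, and `sudo -l` lists what the calling user is allowed to run.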

jdkaye 06-27-2009 04:36 AM

Quote:

Originally Posted by pixellany (Post 3587890)
Interesting...
At a conference, I was needling a Ubuntu rep. about this issue. He argued that sudo and "no-root-user" made for BETTER security. I did not understand his rationale and have now forgotten it.

I am a traditionalist: The user(s) and the admin should be different--different passwords, different prompts in a terminal, etc.

I can see both sides of this issue. On the one hand someone who has the root password must set up the user to be able to use sudo. The one with the root password (call him/her the admin) can limit the type of use an ordinary user can have on this system. I believe the admin can limit its use to a certain closed set of commands that do not include, for example, the ability to edit the sudoers file. Am I correct in this? What I like about sudo is its short life-span. Using su I can forget about who I am and even that I'm running a terminal as root. Mistakes, and who doesn't make them, can be made.

I think the issue is do we prefer the Debian/Fedora type set up (no default sudo privileges) or the buntu system (no default root account). I would go with the former but then I'm a long time Debian user.

The second issue is: do we encourage or discourage the use of sudo by newbies? In the end people can and should do what they want but it would be nice to hear the downside of sudo use.
Cheers,
jdk

Hangdog42 06-27-2009 07:15 AM

A root account of some kind is simply a fact of life in Linux. The problem I've got with the *buntu approach is that you actually do assign root privileges to a user account without really understanding why or what they are used for. To be honest, I see little difference between the way *buntu approaches admin privileges and the way Windows approaches it. And you can see how well that has worked out for Windows.

The *buntu approach also completely bastardizes the use of sudo. It was intended to give limited and specific access to root commands, but the way *buntu implements it, it gives root access to ALL commands.

To be honest, I don't understand how someone can claim Ubuntu's approach reduces security risk. They are creating a generation of Linux users used to essentially running as root all the time and we all know that is a recipe for disaster.

jay73 06-27-2009 07:18 AM

Quote:

The *buntu approach also completely bastardizes the use of sudo. It was intended to give limited and specific access to root commands, but the way *buntu implements it, it gives root access to ALL commands.

Rubbish, that applies only to the account that was set up during install. Add another one and you'll find that permissions are limited. Maybe not in the custom way you had in mind, but limited they are.

Quote:

To be honest, I don't understand how someone can claim Ubuntu's approach reduces security risk. They are creating a generation of Linux users used to essentially running as root all the time and we all know that is a recipe for disaster.

What? Do you think those users are entering sudo into their terminal every five minutes? Because that is what it would take for them to be running as root all the time. Besides, even if they did, they would not be running as root all the time. I have recently discovered that a number of commands have stopped working with sudo, you need to use sudo su explicitly.

Hangdog42 06-27-2009 07:40 AM

Quote:

Rubbish, that applies only to the account that was set up during install.

Given that *buntu is aimed at the desktop, that initial account is likely the only one ever created and used. At least with most other distros you start with a limited account and have to escalate from there (unless you're dumb enough to use root as your personal account).

Quote:

What? Do you think those users are entering sudo into their terminal every five minutes?

Maybe not every five minutes, but often enough to lead to complacency about entering their password to do something. I used Ubuntu on one of my machines for about three months just to see what the hoopla was about and was completely horrified at how similar the security model is to Windows. At least a formal root account forces a person to think about what they are doing, not just blindly click and go. I'm just waiting for some enterprising cracker to figure out how to distribute a trojan as a dependency on some piece of software. The way *buntu has implemented security and software installation, it would be wildly successful.

Quote:

I have recently discovered that a number of commands have stopped working with sudo, you need to use sudo su explicitly.

Which is pretty much the same thing as having a root account in the first place. If they enabled root and stopped abusing sudo, maybe they wouldn't have to twist themselves into such pretzels.

jay73 06-27-2009 08:31 AM

Quote:

Given that *buntu is aimed at the desktop, that initial account is likely the only one ever created and used.

OK, but I'll assume that user X who decides to switch from *buntu to sudoless distro Y will be prompted for a root password during install. I have never seen any distro that makes up a root password behind my back - and if one exists, I think I'd rather not have anything to do with it. After some initial puzzlement, user X will find out that, rather than using sudo, (s)he now has to use su (-). Overall effect: exactly the same thing. User X still has the keys to the front door.
Things get really interesting when user X is an employee in a company where permissions are set up by an administrator. In this situation, sudo allows for more fine-grained control than su.

Quote:

Maybe not every five minutes, but often enough to lead to complacency about entering their password to do something.

More sophistry. In the past, I have seen numerous questions about setting up a root terminal or a root file browser. The ultimate evidence that nothing is sacred to the careless user, not even su.

Quote:

and was completely horrified at how similar the security model is to Windows.

Only it is Windows that imitated the OS X/Linux model, not the other way round.

Quote:

not just blindly click and go

Click? On what? You still need to enter a password. And more often than not into a terminal you have to bring up first.

Quote:

I'm just waiting for some enterprising cracker to figure out how to distribute a trojan as a dependency on some piece of software. The way *buntu has implemented security and software installation, it would be wildly successful.

Once more assuming that your su user has managed to install a system without remembering the root password (s)he submitted during install and that (s)he is happy not to have any control over the system while it is in use. How are you going to install any software without su?

Quote:

maybe they wouldn't have to twist themselves into such pretzels.

Come to think about it, this feels more like a bug than design. I have needed to use sudo su in only one situation, if I remember well when I was trying to relabel a partition. If there really was any intention to move to a root account, I imagine sudo su would be required for many more things than just that.

