LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-27-2009, 12:36 AM   #1
gautamshaw
LQ Newbie
 
Registered: Jun 2009
Posts: 16

Rep: Reputation: 0
SUDO Command


What is the use of SUDO command?
 
Old 06-27-2009, 12:46 AM   #2
ronlau9
Senior Member
 
Registered: Dec 2007
Location: In front of my LINUX OR MAC BOX
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369

Rep: Reputation: Disabled
Sudo or su is used to do root task without login as root
 
Old 06-27-2009, 01:00 AM   #3
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5
minutes unless overridden in sudoers).
 
Old 06-27-2009, 01:03 AM   #4
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered within 5
minutes (unless overridden via sudoers).

If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo.
 
Old 06-27-2009, 01:05 AM   #5
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
 
Old 06-27-2009, 01:24 AM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,990

Rep: Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448Reputation: 2448
not much except opining a possible security hole .
i have never found a use for it
 
Old 06-27-2009, 04:13 AM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
I have always been annoyed with the whole idea of sudo---especially with Ubuntu and its progeny which disable root by default. I don't understand why one cannot simply "su" to root when they need to do something. (I'm assuming the situation where one is using the CLI-----In a GUI, being asked for an administrator password is certainly fine.....)
 
Old 06-27-2009, 04:41 AM   #8
reccursive
LQ Newbie
 
Registered: Apr 2009
Distribution: Debian
Posts: 5

Rep: Reputation: 1
sudo is a great hole in the security of the system. User mustn't have permittion to work as root without root password. Sudo just makes it easy to crash your system with lame hands Use 'su' and you will have nobody to blame except of yourself.
 
Old 06-27-2009, 05:05 AM   #9
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Interesting...
At a conference, I was needling a Ubuntu rep. about this issue. He argued that sudo and "no-root-user" made for BETTER security. I did not understand his rationale and have now forgotten it.

I am a traditionalist: The user(s) and the admin should be different--different passwords, different prompts in a terminal, etc.
 
Old 06-27-2009, 05:29 AM   #10
geek.ksa
Member
 
Registered: Jan 2009
Location: Dhahran, Saudi Arabia
Distribution: RHEL 5
Posts: 42

Rep: Reputation: 17
Yes, SUDO is meant for better security. I can think of some advantages:

1. User doesn't have to know the root password as she types her own password for sudo authentication.
2. Limit users to run specific commands with root privileges as opposed to a whole set of commands when su-ing to root.
3. Better auditing, SUDO allows logging all root-privilged commands executed using SUDO, ofcourse that includes who did what.
4. allows a user to securely run commands as another user WITHOUT knowing the other account password, which is a great help if for example the Operations group wanted to start/stop an application using some other support personnel account.

I work for a very big enterprise and we use SUDO for all the above tasks.

Regards,
GeEk.KsA
 
Old 06-27-2009, 05:36 AM   #11
jdkaye
LQ Guru
 
Registered: Dec 2008
Location: Westgate-on-Sea, Kent, UK
Distribution: Debian Testing Amd64
Posts: 5,464

Rep: Reputation: Disabled
Quote:
Originally Posted by pixellany View Post
Interesting...
At a conference, I was needling a Ubuntu rep. about this issue. He argued that sudo and "no-root-user" made for BETTER security. I did not understand his rationale and have now forgotten it.

I am a traditionalist: The user(s) and the admin should be different--different passwords, different prompts in a terminal, etc.
I can see both sides of this issue. On the one hand someone who has the root password must set up the user to be able to use sudo. The one with the root password (call him/her the admin) can limit the type of use an ordinary user can have on this system. I believe the admin can limit its use to a certain closed set of commands that do not include, for example, the ability to edit the sudoers file. Am I correct in this? What I like about sudo is its short life-span. Using su I can forget about who I am and even that I'm running a terminal as root. Mistakes, and who doesn't make them, can be made.

I think the issue is do we prefer the Debian/Fedora type set up (no default sudo privileges) or the buntu system (no default root account). I would go with the former but then I'm a long time Debian user.

The second issue is: do we encourage or disencourage the use of sudo by newbies? In the end people can and should do what they want but it would be nice to hear the downside of sudo use.
Cheers,
jdk

Last edited by jdkaye; 06-27-2009 at 05:37 AM.
 
Old 06-27-2009, 08:15 AM   #12
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
A root account of some kind is simply a fact of life in Linux. The problem I've got with the *buntu approach is that you actually do assign root privileges to a user account without really understanding why or what they are used for. To be honest, I see little difference between the way *buntu approach admin privileges and the way Windows approaches it. And you can see how well that has worked out for Windows.

The *buntu approach also completely bastardizes the use of sudo. It was intended to give limited and specific access to root commands, but the way *buntu implements it, it gives root access to ALL commands.

To be honest, I don't understand how someone can claim Ubuntu's approach reduces security risk. They are creating a generation of Linux users used to essentially running as root all the time and we all know that is a recipe for disaster.
 
Old 06-27-2009, 08:18 AM   #13
jay73
LQ Guru
 
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019

Rep: Reputation: 130Reputation: 130
Quote:
The *buntu approach also completely bastardizes the use of sudo. It was intended to give limited and specific access to root commands, but the way *buntu implements it, it gives root access to ALL commands.
Rubbish, that applies only to the account that was set up during install. Add another one and you'll find that permissions are limited. Maybe not in the custom way you had in mind, but limited they are.

Quote:
To be honest, I don't understand how someone can claim Ubuntu's approach reduces security risk. They are creating a generation of Linux users used to essentially running as root all the time and we all know that is a recipe for disaster.
What? Do you think those users are entering sudo into their terminal every five minutes? Because that is what it would take for them to be running as root all the time. Besides, even if they did, they would not be running as root all the time. I have recently discovered that a number of commands have stopped working with sudo, you need to use sudo su explicitly.

Last edited by jay73; 06-27-2009 at 08:20 AM.
 
Old 06-27-2009, 08:40 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Rubbish, that applies only to the account that was set up during install.
Given that *buntu is aimed at the desktop, that initial account is likely the only one ever created and used. At least with most other distros you start with a limited account and have to escalate from there (unless you're dumb enough to use root as your personal account).
Quote:
What? Do you think those users are entering sudo into their terminal every five minutes?
Maybe not every five minutes, but often enough to lead to complacency about entering their password to do something. I used Ubuntu on one of my machines for about three months just to see what the hoopla was about and was completely horrified at how similar the security model is to Windows. At least a formal root account forces a person to think about what they are doing, not just blindly click and go. I'm just waiting for some enterprising cracker to figure out how to distribute a trojan as a dependency on some piece of software. The way *buntu has implemented security and software installation, it would be wildly successful.

Quote:
I have recently discovered that a number of commands have stopped working with sudo, you need to use sudo su explicitly.
Which is pretty much the same thing as having a root account in the first place. If they enabled root and stopped abusing sudo, maybe they wouldn't have to twist themselves into such pretzels.
 
Old 06-27-2009, 09:31 AM   #15
jay73
LQ Guru
 
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019

Rep: Reputation: 130Reputation: 130
Quote:
Given that *buntu is aimed at the desktop, that initial account is likely the only one ever created and used.
OK, but I'll assume that user X who decides to switch from *buntu to sudoless distro Y will be prompted for a root password during install. I have never seen any distro that makes up a root password behind my back - and if one exists, I think I'd rather not have anything to do with it. After some initial puzzlement, user X will find out that, rather than using sudo, (s)he now has to use su (-). Overall effect: exactly the same thing. User X still has the keys to the front door.
Things get really interesting when user X is an employee in a company where permissions are set up by an administrator. In this situation, sudo allows for more fire-grained control than su.

Quote:
Maybe not every five minutes, but often enough to lead to complacency about entering their password to do something.
More sophistry. In the past, I have seen numerous questions about setting up a root terminal or a root file browser. The ultimate evidence that nothing is sacred to the careless user, not even su.

Quote:
and was completely horrified at how similar the security model is to Windows.
Only it is windows that imitated the OS X/ linux model, not the other way round.

Quote:
not just blindly click and go
click? on what? You still need to enter a password. An more often than not into a terminal you have to bring up first.

Quote:
I'm just waiting for some enterprising cracker to figure out how to distribute a trojan as a dependency on some piece of software. The way *buntu has implemented security and software installation, it would be wildly successful.
Once more assuming that your su user has managed to install a system without remembering the root password (s)he submitted during install and that (s)he is happy not to have any control over the system while it is in use. How are you going to install any software without su?

Quote:
maybe they wouldn't have to twist themselves into such pretzels.
Come to think about it, this feels more like a bug than design. I have needed to use sudo su in only one situation, if I remember well when I was trying to relabel a partition. If there really was any intention to move to a root account, I imagine sudo su would be required for many more things than just that.
 
  


Reply

Tags
linux


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo command not working. rock.k Linux - Newbie 2 02-27-2008 09:26 PM
Sudo Apt-get command use. Mr.Carioca Linux - Distributions 1 02-09-2008 08:05 PM
sudo command boy_to_man Linux - Newbie 1 01-05-2007 02:45 AM
SUDO Command help TPAWired Linux - Software 3 08-15-2005 02:50 PM
sudo command usage??? pagadala_cs Linux - Software 1 12-24-2004 11:13 AM


All times are GMT -5. The time now is 07:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration