Understanding sudo
I told someone specifically to not execute a program while in a user other than /root. So he does it anyway, :( which led to an ownership problem. My understanding of sudo is that when you do a sudo to anything outside of /root, that the command is actually executed as if you were actually in /root and not executed as though you were in the current non-root user. Is that correct?
|
You mixed two things: /root is a directory, the home directory of the user root. The user root has special privileges, but it is not related to any directory (home or not home).
The command sudo will allow you to act as another user (see man page: http://linux.die.net/man/8/sudo) - can be configured, usually it is used to execute commands which require root privileges. It is not relevant if you were currently in the /root directory or not. Would be nice to describe your ownership problem better... |
What happened is: he was in user bill. User bill has root privileges (visudo entry). He was told not to start a program that was installed in user bill with sudo prepended. He couldn't get the program to start by just using its name (he wasn't in the correct directory), so he used 'sudo programname'. The program again didn't start, but /root took ownership of the path to the program. That is what I think happened, anyway.
|
su ("super" - "user") to stay root user in a terminal or sudo -s ("su" - "do" ;)). Could have a look at chown
|
This definition:
Definition: sudo: Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root... seems to imply that if a user is given root privileges, when he executes a 'sudo whatever', that it is as if he were actually in the /root user's account executing the 'sudo whatever' command, although he is actually in user bill. Am I understanding this correctly? That is the way it was explained to me. |
Like pan64 said, /root means a directory (usually not much in root's home folder, i.e. /root) and root as a user owns, for the most part, all of / (the root (like a tree) or bottom directory (jargon :rolleyes: pun intended)), but yes, sudo can do as much damage as the user root...
:Edits. |
Can a user be allowed sudo privileges to install a program, but prevented from executing any programs with the sudo command?
|
Probably. I'm no guru on that; there may be better users or groups suited?
http://www.sudo.ws/pipermail/sudo-us...ry/004312.html http://answers.oreilly.com/topic/432...ons-with-sudo/ http://ubuntuforums.org/showthread.php?t=1132821 http://www.techrepublic.com/article/...h-sudo-part-1/ :D |
Thanks all. I'll get my head around this sudo thing eventually.
|
Please read the DESCRIPTION part of the man page of sudo:
Quote:
This does not mean they can execute sudo whatever but what was allowed and nothing else. |
I guess my final question is:
If bill is logged into user bill, and bill has been given root privileges, then when he executes a sudo programname, does the execution of sudo programname execute the program just as though he were doing so from the user root? Maybe that isn't making any sense. |
That is the goal of sudo.
The user bill entered: sudo programname and programname will be executed as root (instead of bill) |
That is excellent, just what I need to know. That is why when the user executed the program using the prepended (prepended - not an actual word, but it should be) sudo caused him to not be able to execute the program from bill, because root took ownership of the program. It wasn't until after I did a chown that he was able to execute it. What I am trying to find now is if there is some way to give bill sudo privileges to install a sudo program from bill, but not execute a sudo program from bill. He should only be able to simply execute program from bill.
Thanks!!! |
You still missed some points: root did not take ownership of the program but the execution of it. By default users do not own the programs just execute them (as themselves). So bill will execute all the programs (owned by anyone) he started as bill (himself).
For example: ls is a program, you can find it in /bin, and touch is another program. Code:
pan@/tmp$ ls -l /bin/touch /bin/ls |
"You still missed some points" – I resent (actually resemble) that remark! :)
Thanks. |
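As an added example that is not part of the thread: a shell sketch of the two checks the incident above calls for, finding paths left owned by another user (typically root, after a program was started with sudo) and a launcher guard that refuses to start when the effective user is root. The function names `foreign_owned` and `refuse_root` are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (constructed); function names are hypothetical.

# Print every path under DIR whose owner is not the numeric uid OWNER_UID.
# Anything a program created while running under sudo shows up here,
# because the process ran with root's uid (0), not the invoking user's.
foreign_owned() {
    dir=$1
    owner_uid=$2
    find "$dir" ! -user "$owner_uid" -print
}

# Guard for the top of a launcher script: fail when the effective uid is 0.
# sudo records the invoking account in SUDO_USER, so the message can say
# who started the program. An explicit uid may be passed for testing.
refuse_root() {
    uid=${1:-$(id -u)}
    if [ "$uid" -eq 0 ]; then
        echo "refusing to run as root (invoked by: ${SUDO_USER:-root})" >&2
        return 1
    fi
    return 0
}

# Typical use inside a start script (commented out so sourcing is harmless):
#   refuse_root || exit 1
#   foreign_owned "$HOME" "$(id -u)"
```

Review the list from `foreign_owned` before handing ownership back with chown as root, since some paths under a home directory may be root-owned on purpose.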