LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-27-2009, 01:16 PM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,461
Blog Entries: 6

Rep: Reputation: 51
why sudo ?


I read somewhere:
Code:
The `su` command allows any user to obtain superuser privileges, if they know the root password:
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.
IF user does sudo bash and enter into shell he has capability to run commands run by root.
Then how can it be safe
 
Old 11-27-2009, 01:23 PM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi,

There is a difference between su and sudo as I understand it like this. When you log in as a normal user and you have to run 'root privileged' commands you can open a terminal and su into the root account, thus gaining root privileges for the duration of your terminal session. You'd have to know the root password.

On the contrary with sudo you'll have to provide your own user password. It only works if you're a member of the sudoers list and root has to add you. Furthermore sudo can be limited to certain commands and thus maintaining a level of security.

You can read more about it here:
Access control
Sudo vs root

Kind regards,

Eric
 
Old 11-27-2009, 03:10 PM   #3
MrCode
Member
 
Registered: Aug 2009
Location: Oregon, USA
Distribution: Arch
Posts: 864
Blog Entries: 31

Rep: Reputation: 148Reputation: 148
Quote:
Originally Posted by EricTRA
Furthermore sudo can be limited to certain commands and thus maintaining a level of security.
(Sorry if this seems like I'm butting in)

What about instances where there is no command, but only an argument (such as in the instance of "sudo -s")?
 
Old 11-27-2009, 03:22 PM   #4
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Hi,

Thank you for 'butting in', this is by no means a private conversation, everybody is free to participate. The more the merrier. This way I can learn too.

I haven't really used 'sudo -s' before but that just opens a 'shell' right? So if you don't give a user shell access, then they don't have the ability to execute sudo -s neither.

I think the whole point of using sudo is maintaining a level of security. Using the sudoers file you can limit quite a lot. And if you deny running a shell, only allow specific commands that need root privileges, then you should be quite safe.

Kind regards,

Eric
 
Old 11-27-2009, 03:27 PM   #5
MrCode
Member
 
Registered: Aug 2009
Location: Oregon, USA
Distribution: Arch
Posts: 864
Blog Entries: 31

Rep: Reputation: 148Reputation: 148
Thanks for the clarification. I was just wondering because I often use "sudo -s" as my way of accessing a root shell. I'm using Ubuntu, and I don't think I ever set up a root password, so I can't just use "su" for this. Is it a bad idea to use "sudo -s"?
 
Old 11-27-2009, 03:40 PM   #6
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
It all depends on what you want to do with your system, what your level of expertise is and most important if you share your computer/server with others.

If your the administrator (root) then it's a good thing to maintain the shell possibility only for you and not for other users if you share access to the computer/server.

I on the other hand have rarely used su or sudo (only on my wife's ubuntu). On my computers I'm root and as such I work and play. If I kill the thing then I'm the only responsible.

At work I only share root access on all our servers with my fellow sysadmin. Other users only have normal access and all root privileged commands go through us.

I haven't had any problems yet.

Kind regards,

Eric
 
1 members found this post helpful.
Old 11-27-2009, 11:03 PM   #7
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Quote:
Originally Posted by your_shadow03 View Post
I read somewhere:
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.
IF user does sudo bash and enter into shell he has capability to run commands run by root.
Then how can it be safe
The best use of sudo is to limit the regular user to the absolute minimum number of privileged commands to accomplish the tasks they need. In my opinion, "sudo bash" is not in that list.
 
Old 11-28-2009, 08:14 AM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
Originally Posted by MrCode View Post
Thanks for the clarification. I was just wondering because I often use "sudo -s" as my way of accessing a root shell. I'm using Ubuntu, and I don't think I ever set up a root password, so I can't just use "su" for this. Is it a bad idea to use "sudo -s"?

Please be aware that Ubuntu has seriously bastardized the proper use of sudo because of their replacement of root with an administrator account. Most Linux distros (at least those not based on Ubuntu) don't allow this kind of nonsense with sudo. My personal opinion is that anything that allows you to get root privileges without root's password is a bad idea, but Ubuntu obviously doesn't agree.
 
Old 11-28-2009, 10:31 AM   #9
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,613

Rep: Reputation: 433Reputation: 433Reputation: 433Reputation: 433Reputation: 433
your_shadow03,

Quote:
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.

Yes, here you are not logged-in as superuser, but merely enjoys a superuser privilege with respect to the specified command that you have run. In that respect all other things are running as a regular 'user' except that 'command' alone which you have knowingly and willfully issued.

Quote:
IF user does sudo bash and enter into shell he has capability to run commands run by root. Then how can it be safe

Capability to run commands is not equal to an actually running the entire system as root. Capability is a mere potentiality; but running the system as root is already running in actuality. Issue: --$ sudo -i <Enter password> then You are in, but unless you willfully execute disastrous commands nothing is destroyed. As pointed out by EricTRA above this implementation maintains the level of security.
Sudo acquired status obtained through authenticated commands generally lasts for only 5 minutes, it expires without you knowing, the system is taking it back from you under assumption that it is no longer needed. You will need another sudo after that in order to run another need.
I have set my Slackware to run either as 'root' or 'sudoer' I can say that sudo implementation is reasonable and sound for newbies like me. The experts do not need it.

Hope this could help explain.

Good luck to all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 08:12 PM
sudo blkid vs. sudo fdisk -l problems alienexplorers Linux - Newbie 1 01-13-2009 01:35 AM
LXer: sudo, or not sudo: that is the question LXer Syndicated Linux News 0 02-07-2008 06:40 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 04:20 PM


All times are GMT -5. The time now is 12:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration