How does sudo work?
After making sure the user is allowed to use sudo, it manages to run a program as root. But if sudo can run a program as root without a password, why can't other programs?
|
SUDO is a special tool, which allows users in the 'sudoers' list to be able to run programs with some or all super user (typically root) priveleges. It doesn't act on programs directly, but rather acts to elevate users priveleges, to allow the user to run stuff. Programs cannot be added to the 'sudoers' list, only users.
Can you give a specific example of what you want to know? Is there a particular program you are inquiring about? |
I just looked at random at Synaptic (ubuntu's package manager). The only user who can execute it is root. Apparently, the sudo command gives specified users root powers for just one action. The users that can use sudo are listed in /etc/sudoers.
So, you can either have root powers for all actions bu using su, or for ONE action using sudo. |
Sudo
Quote:
I don't use SUDO anyways, but would like to clarify this for myself, and the OP. :) |
Quote:
I was referring to the Synaptic binary--it can only be run by root. (But also can be run by sudo) I agree on not using sudo. It only comes up when using Ubuntu and the silly no-root-user thing. |
Quote:
Most executables are owned by root; if the setuid bit is set, then this executable runs with root permissions. Otherwise, the exectuable runs with the permissions of the calling user. This feature is useful for writing a shell script to do some particular task with a different user's files. For example, you might want to let a user run a database maintenance script, but you don't want to give him unrestricted access to the database. |
Quote:
If you absolutely must run a shell script with a different user ID (and using sudo or su is out of the question) then you will need to write an executable wrapper which you can setuid... and whose sole function would be to call the shell script. If you are interested in knowing why this is the case, a simple google for suid shell scripts and security should give you plenty to read. |
Quote:
|
All times are GMT -5. The time now is 02:38 PM. |