Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
02-08-2010, 10:42 AM
|
#1
|
Senior Member
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Rep:
|
Can sudo do?
Can a sudo user do everything what a root user can do?
I read sometimes expert say "You should run it as root rather than sudo user".
Last edited by your_shadow03; 02-08-2010 at 11:15 PM.
|
|
|
02-08-2010, 10:45 AM
|
#2
|
Member
Registered: Feb 2009
Distribution: FreeBSD, OpenBSD, NetBSD, Debian, Fedora
Posts: 770
Rep:
|
If you are experienced and safe use sudo.
Personally, I call it a security risk waiting to bite you in the ass.
|
|
1 members found this post helpful.
|
02-08-2010, 10:51 AM
|
#3
|
LQ 5k Club
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529
|
|
|
|
02-08-2010, 11:16 AM
|
#4
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by your_shadow03
Can a sudo user everything what a root user can do?
I read sometimes expert say "You should run it as root rather than sudo user".
|
How long is a "piece of string"?
It entirely depends on how you set /etc/sudoers up.
If it's done poorly (like e.g. in Ubuntu) your
user can do ANYTHING.
|
|
|
02-08-2010, 12:12 PM
|
#5
|
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809
|
Definition of "expert": A drip under pressure.
My inner expert says that I should use the ways of the ancient masters--root is the administrator, users are users, and there is no "sudo". sudo is ambiguity--ie you may or may not be able to do something. Computers do not like ambiguity.
So there!!!
|
|
|
02-08-2010, 12:19 PM
|
#6
|
Moderator
Registered: Jan 2005
Location: Central Florida 20 minutes from Disney World
Distribution: Slackware®
Posts: 13,948
|
Hi,
I think ' man sudo' explains it;
Quote:
DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or another user, as specified
in the sudoers file. The real and effective uid and gid are set to match those of the target
user as specified in the passwd file and the group vector is initialized based on the group file
(unless the -P option was specified). If the invoking user is root or if the target user is the
same as the invoking user, no password is required. Otherwise, sudo requires that users authen-
ticate themselves with a password by default (NOTE: in the default configuration this is the
user's password, not the root password). Once a user has been authenticated, a timestamp is
updated and the user may then use sudo without a password for a short period of time (5 minutes
unless overridden in sudoers).
When invoked as sudoedit, the -e option (described below), is implied.
sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo
the -v flag a user can update the time stamp without running a command. The password prompt
itself will also time out if the user's password is not entered within 5 minutes (unless overrid-
den via sudoers).
If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to
the proper authorities, as defined at configure time or in the sudoers file (defaults to root).
Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v
flags. This allows users to determine for themselves whether or not they are allowed to use
sudo.
|
|
|
|
02-08-2010, 12:20 PM
|
#7
|
Senior Member
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466
Original Poster
Rep:
|
Pixel..I respect your words.
But what I really want to know is :
Say I have /etc/sudoers with entry:
root ALL=(ALL) ALL
ravi ALL=(ALL) ALL
Does that mean by simply running sudo bash, I can run any command with root privileges.
There may be few commands which recommends to be running as root user.
In that case, can sudo user(who is provided with root permission) have almost every judgement at hand.
|
|
|
02-08-2010, 12:25 PM
|
#8
|
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809
|
My irreverent remarks were not directed at you!! The only thing I know about sudo is that I don't like it....
|
|
|
02-08-2010, 01:55 PM
|
#9
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
A user who is allowed to run all commands via sudo will be allowed to do anything root can do.
Personally I like sudo ... it allows us to have multiple system administrators without having to distribute the root password. It also allows us to limit what junior admins can do. It also provides an additional audit trail. However, this is predicated on sudo being set up correctly.
|
|
1 members found this post helpful.
|
02-08-2010, 03:16 PM
|
#10
|
Member
Registered: Jan 2010
Location: Lancashire
Distribution: Slackware Stable
Posts: 572
Rep:
|
I think sudo is a good idea for organizations, multi-user machines/servers etc, however for someone running linux on their own machine as a desktop, no others users etc, then sometimes the overhead of setting up the sudoers file can be a pain in the arse!
If I want to say change the ownership of a file, I ain't gonna sudo it, I'll just su to root, do the change and then logout (or use su -c).
|
|
|
02-08-2010, 03:20 PM
|
#11
|
Moderator
Registered: Mar 2008
Posts: 22,110
|
sudo is root for only that command where as su to root is root for all commands good or bad.
|
|
|
02-08-2010, 05:23 PM
|
#12
|
Member
Registered: May 2008
Location: Ohio
Distribution: Slackware
Posts: 267
Rep:
|
Quote:
Originally Posted by jefro
sudo is root for only that command where as su to root is root for all commands good or bad.
|
sudo won't keep one from making mistakes; the Ubuntu-default setup allows a regular user to be root- a user with unlimited privileges IS root.
edit: I'm not knocking Ubuntu as such, just the way it uses sudo.
Last edited by mudangel; 02-08-2010 at 05:25 PM.
|
|
|
02-08-2010, 10:11 PM
|
#13
|
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,809
|
Quote:
Originally Posted by jefro
sudo is root for only that command where as su to root is root for all commands good or bad.
|
There are no "bad commands"---only the usage of a command ever comes into question. Even then, I would not tell someone they were "bad"---perhaps I would just say: "That was not your best move this week."
Seriously, root is for doing a bunch of admin stuff very quickly--eg to fix the )(%(*& computer before you leave for work so that your wife can surf the shoe stores. Having to spend the extra time typing "sudo" could affect your quality of life for the entire week.
sudo is for-----hmmmm???---Ah--sudo is for Ubuntu.
|
|
1 members found this post helpful.
|
02-08-2010, 10:27 PM
|
#14
|
Senior Member
Registered: Nov 2006
Distribution: Debian Linux 11 (Bullseye)
Posts: 3,407
Rep:
|
I'm in the middle of the boat here. Sudo is very good for what it's meant for, and that IMO is 1) to limit the abilities of junior admins like btmiller says, and 2) to get you out of the habit of logging into root and staying logged in for normal tasks. For the most of us, #2 is the most important. It's not just the "rm -rf /" that is dangerous to run as root. If you run ordinary tasks as root, when you really meant to be yourself, then you might have a mess of permissions and ownerships to untangle. Running gdm/kdm as root is just asking for trouble.
So, for the most part, I use sudo for my admin tasks, including compiling and installing new kernels. OTOH, when I boot up a new kernel, both the virtualbox and nvidia drivers are non-functional, so I login to root to fix those, and then logout and bring up gdm.
|
|
|
02-08-2010, 10:30 PM
|
#15
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by pixellany
Seriously, root is for doing a bunch of admin stuff very quickly--eg to fix the )(%(*& computer before you leave for work so that your wife can surf the shoe stores. Having to spend the extra time typing "sudo" could affect your quality of life for the entire week.
|
Or (if you've taken that option into consideration) you
could let yourself do 'sudo -i' and become root on a
system where root has no password ... that's three keystrokes
more than 'su -'. If that affects your quality of life ... ;}
Quote:
Originally Posted by pixellany
sudo is for-----hmmmm???---Ah--sudo is for Ubuntu.
|
Or for your DBAs, if you want to give them permission
to update their products directory tree w/o letting them
(by accident, of course, not by malice) delete /etc or
the likes by giving them a set of maybe 10 commands they
can run against a given file/directory.
Admittedly it's more effort to set sudo up, and I'll also
confess that it wouldn't occur to me to use it on my slack
machines at home. But to say it's useless is unfair, and
I can clearly see the benefits in a corporate environment.
Cheers,
Tink
|
|
|
All times are GMT -5. The time now is 03:47 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|