LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-08-2010, 11:42 AM   #1
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,462
Blog Entries: 6

Rep: Reputation: 51
Can sudo do?


Can a sudo user do everything what a root user can do?
I read sometimes expert say "You should run it as root rather than sudo user".

Last edited by your_shadow03; 02-09-2010 at 12:15 AM.
 
Old 02-08-2010, 11:45 AM   #2
Mr-Bisquit
Member
 
Registered: Feb 2009
Distribution: FreeBSD, OpenBSD, NetBSD, Debian, Fedora
Posts: 770
Blog Entries: 52

Rep: Reputation: 68
If you are experienced and safe use sudo.
Personally, I call it a security risk waiting to bite you in the ass.
 
1 members found this post helpful.
Old 02-08-2010, 11:51 AM   #3
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
Take a look at
http://kb.iu.edu/data/amyi.html
 
Old 02-08-2010, 12:16 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by your_shadow03 View Post
Can a sudo user everything what a root user can do?
I read sometimes expert say "You should run it as root rather than sudo user".
How long is a "piece of string"?

It entirely depends on how you set /etc/sudoers up.

If it's done poorly (like e.g. in Ubuntu) your
user can do ANYTHING.
 
Old 02-08-2010, 01:12 PM   #5
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Definition of "expert": A drip under pressure.

My inner expert says that I should use the ways of the ancient masters--root is the administrator, users are users, and there is no "sudo". sudo is ambiguity--ie you may or may not be able to do something. Computers do not like ambiguity.

So there!!!
 
Old 02-08-2010, 01:19 PM   #6
onebuck
Moderator
 
Registered: Jan 2005
Location: Midwest USA, Central Illinois
Distribution: Slackware®
Posts: 12,892
Blog Entries: 27

Rep: Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182Reputation: 2182
Hi,

I think 'man sudo' explains it;

Quote:
DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or another user, as specified
in the sudoers file. The real and effective uid and gid are set to match those of the target
user as specified in the passwd file and the group vector is initialized based on the group file
(unless the -P option was specified). If the invoking user is root or if the target user is the
same as the invoking user, no password is required. Otherwise, sudo requires that users authen-
ticate themselves with a password by default (NOTE: in the default configuration this is the
user's password, not the root password). Once a user has been authenticated, a timestamp is
updated and the user may then use sudo without a password for a short period of time (5 minutes
unless overridden in sudoers).

When invoked as sudoedit, the -e option (described below), is implied.

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo
the -v flag a user can update the time stamp without running a command. The password prompt
itself will also time out if the user's password is not entered within 5 minutes (unless overrid-
den via sudoers).

If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to
the proper authorities, as defined at configure time or in the sudoers file (defaults to root).
Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v
flags. This allows users to determine for themselves whether or not they are allowed to use
sudo.
 
Old 02-08-2010, 01:20 PM   #7
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,462
Blog Entries: 6

Original Poster
Rep: Reputation: 51
Pixel..I respect your words.
But what I really want to know is :

Say I have /etc/sudoers with entry:

root ALL=(ALL) ALL

ravi ALL=(ALL) ALL

Does that mean by simply running sudo bash, I can run any command with root privileges.
There may be few commands which recommends to be running as root user.
In that case, can sudo user(who is provided with root permission) have almost every judgement at hand.
 
Old 02-08-2010, 01:25 PM   #8
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
My irreverent remarks were not directed at you!! The only thing I know about sudo is that I don't like it....
 
Old 02-08-2010, 02:55 PM   #9
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
A user who is allowed to run all commands via sudo will be allowed to do anything root can do.

Personally I like sudo ... it allows us to have multiple system administrators without having to distribute the root password. It also allows us to limit what junior admins can do. It also provides an additional audit trail. However, this is predicated on sudo being set up correctly.
 
1 members found this post helpful.
Old 02-08-2010, 04:16 PM   #10
devnull10
Member
 
Registered: Jan 2010
Location: Lancashire
Distribution: Slackware Stable
Posts: 553

Rep: Reputation: 116Reputation: 116
I think sudo is a good idea for organizations, multi-user machines/servers etc, however for someone running linux on their own machine as a desktop, no others users etc, then sometimes the overhead of setting up the sudoers file can be a pain in the arse!
If I want to say change the ownership of a file, I ain't gonna sudo it, I'll just su to root, do the change and then logout (or use su -c).
 
Old 02-08-2010, 04:20 PM   #11
jefro
Moderator
 
Registered: Mar 2008
Posts: 17,101

Rep: Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552Reputation: 2552
sudo is root for only that command where as su to root is root for all commands good or bad.
 
Old 02-08-2010, 06:23 PM   #12
mudangel
Member
 
Registered: May 2008
Location: Ohio
Distribution: Slackware
Posts: 267

Rep: Reputation: 56
Quote:
Originally Posted by jefro View Post
sudo is root for only that command where as su to root is root for all commands good or bad.
sudo won't keep one from making mistakes; the Ubuntu-default setup allows a regular user to be root- a user with unlimited privileges IS root.
edit: I'm not knocking Ubuntu as such, just the way it uses sudo.

Last edited by mudangel; 02-08-2010 at 06:25 PM.
 
Old 02-08-2010, 11:11 PM   #13
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Quote:
Originally Posted by jefro View Post
sudo is root for only that command where as su to root is root for all commands good or bad.
There are no "bad commands"---only the usage of a command ever comes into question. Even then, I would not tell someone they were "bad"---perhaps I would just say: "That was not your best move this week."

Seriously, root is for doing a bunch of admin stuff very quickly--eg to fix the )(%(*& computer before you leave for work so that your wife can surf the shoe stores. Having to spend the extra time typing "sudo" could affect your quality of life for the entire week.

sudo is for-----hmmmm???---Ah--sudo is for Ubuntu.
 
1 members found this post helpful.
Old 02-08-2010, 11:27 PM   #14
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,318

Rep: Reputation: 126Reputation: 126
I'm in the middle of the boat here. Sudo is very good for what it's meant for, and that IMO is 1) to limit the abilities of junior admins like btmiller says, and 2) to get you out of the habit of logging into root and staying logged in for normal tasks. For the most of us, #2 is the most important. It's not just the "rm -rf /" that is dangerous to run as root. If you run ordinary tasks as root, when you really meant to be yourself, then you might have a mess of permissions and ownerships to untangle. Running gdm/kdm as root is just asking for trouble.

So, for the most part, I use sudo for my admin tasks, including compiling and installing new kernels. OTOH, when I boot up a new kernel, both the virtualbox and nvidia drivers are non-functional, so I login to root to fix those, and then logout and bring up gdm.
 
Old 02-08-2010, 11:30 PM   #15
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
Originally Posted by pixellany View Post
Seriously, root is for doing a bunch of admin stuff very quickly--eg to fix the )(%(*& computer before you leave for work so that your wife can surf the shoe stores. Having to spend the extra time typing "sudo" could affect your quality of life for the entire week.
Or (if you've taken that option into consideration) you
could let yourself do 'sudo -i' and become root on a
system where root has no password ... that's three keystrokes
more than 'su -'. If that affects your quality of life ... ;}



Quote:
Originally Posted by pixellany View Post
sudo is for-----hmmmm???---Ah--sudo is for Ubuntu.
Or for your DBAs, if you want to give them permission
to update their products directory tree w/o letting them
(by accident, of course, not by malice) delete /etc or
the likes by giving them a set of maybe 10 commands they
can run against a given file/directory.


Admittedly it's more effort to set sudo up, and I'll also
confess that it wouldn't occur to me to use it on my slack
machines at home. But to say it's useless is unfair, and
I can clearly see the benefits in a corporate environment.



Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The Ultimate Sudo FAQ — To Sudo Or Not To Sudo? LXer Syndicated Linux News 13 04-13-2013 02:36 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 08:12 PM
sudo blkid vs. sudo fdisk -l problems alienexplorers Linux - Newbie 1 01-13-2009 01:35 AM
LXer: sudo, or not sudo: that is the question LXer Syndicated Linux News 0 02-07-2008 06:40 PM
Restricting Editing in Sudo (Advanced Sudo Question) LinuxGeek Linux - Software 4 11-04-2006 04:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration