I told someone specifically to not execute a program while in a user other than /root. So he does it anyway, which led to an ownership problem. My understanding of sudo is that when you do a sudo to anything outside of /root, that the command is actually executed as if you were actually in /root and not executed as though you were in the current non-root user. Is that correct?
You mixed two things: /root is a directory, the home directory of the user root. The user root has special privileges, but it is not related to any directory (home or not home).
The command sudo will allow you to act as another user (see man page: http://linux.die.net/man/8/sudo) - can be configured, usually it is used to execute commands which require root privileges. It is not relevant if you were currently in the /root directory or not.
Would be nice to describe your ownership problem better...
What happened is: he was in user bill. User bill has root privileges (visudo entry). He was told not to start a program that was installed in user bill with sudo prepended. He couldn't get the program to start by just using its name (he wasn't in the correct directory), so he used 'sudo programname'. The program again didn't start, but /root took ownership of the path to the program. That is what I think happened, anyway.
This definition:
Definition: sudo: Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root...
seems to imply that if a user is given root privileges, when he executes a 'sudo whatever', that it is as if he were actually in the /root user's account executing the 'sudo whatever' command, although he is actually in user bill. Am I understanding this correctly? That is the way it was explained to me.
Like pan64 said, /root means a directory (usually not much in root's home folder, i.e. /root) and root as a user owns, for the most part, all of / (the root (like a tree) or bottom directory (jargon pun intended)), but yes, sudo can do as much damage as the user root...
:Edits.
Last edited by jamison20000e; 05-14-2014 at 06:47 AM.
Please read the DESCRIPTION part of the man page of sudo:
Quote:
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The real
and effective uid and gid are set to match those of the target user, as specified in the password database, and the group vector is
initialized based on the group database (unless the -P option was specified).
sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their
own policy and I/O logging modules to work seamlessly with the sudo front end. The default security policy is sudoers, which is
configured via the file /etc/sudoers, or via LDAP. See the PLUGINS section for more information.
The security policy determines what privileges, if any, a user has to run sudo. The policy may require that users authenticate
themselves with a password or another authentication mechanism. If authentication is required, sudo will exit if the user's password
is not entered within a configurable time limit. This limit is policy-specific; the default password prompt timeout for the sudoers
security policy is unlimited.
Security policies may support credential caching to allow the user to run sudo again for a period of time without requiring
authentication. The sudoers policy caches credentials for 15 minutes, unless overridden in sudoers(5). By running sudo with the -v
option, a user can update the cached credentials without running a command.
When invoked as sudoedit, the -e option (described below), is implied.
Security policies may log successful and failed attempts to use sudo. If an I/O plugin is configured, the running command's input
and output may be logged as well.
Definition: sudo: Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root (or as anyone else).
This does not mean they can execute sudo whatever but what was allowed and nothing else.
I guess my final question is:
If bill is logged into user bill, and bill has been given root privileges, then when he executes a sudo programname, does the execution of sudo programname execute the program just as though he were doing so from the user root? Maybe that isn't making any sense.
That is excellent, just what I need to know. That is why when the user executed the program using the prepended (prepended - not an actual word, but it should be) sudo caused him to not be able to execute the program from bill, because root took ownership of the program. It wasn't until after I did a chown that he was able to execute it. What I am trying to find now is if there is some way to give bill sudo privileges to install a sudo program from bill, but not execute a sudo program from bill. He should only be able to simply execute program from bill.
You still missed some points: root did not take ownership of the program but the execution of it. By default users do not own the programs just execute them (as themselves). So bill will execute all the programs (owned by anyone) he started as bill (himself).
For example: ls is a program, you can find it in /bin, and touch is another program.
Code:
pan@/tmp$ ls -l /bin/touch /bin/ls
-rwxr-xr-x 1 root root 105840 Nov 19 2012 /bin/ls
-rwxr-xr-x 1 root root 60112 Nov 19 2012 /bin/touch
Here you can see that the owner of both apps is root.
But anyone (bill, you and me) is allowed to use it as themselves.
Code:
pan@/tmp$ touch /tmp/aaa
pan@/tmp$ sudo touch /tmp/bbb
pan@/tmp$ ls -l /tmp/aaa /tmp/bbb
-rw-r--r-- 1 pan pan 0 May 14 14:59 /tmp/aaa
-rw-r--r-- 1 root root 0 May 14 15:00 /tmp/bbb
As you see, /tmp/aaa is owned by me and /tmp/bbb is owned by root.
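An added example, not part of any post in this thread: a POSIX shell audit for the situation the touch demonstration above shows, listing every path under a directory whose owner is not the expected user so the result can be reviewed before running chown. The function names and the `sh audit.sh DIR OWNER` usage are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find what a sudo-run command left
# behind under a user's directory. Function names are illustrative.

# foreign_owned DIR OWNER
# Print every path under DIR (same filesystem only) not owned by OWNER.
# OWNER may be a user name or a numeric uid.
foreign_owned() {
    find "$1" -xdev ! -user "$2" -print 2>/dev/null
}

# count_foreign DIR OWNER
# Number of such paths (assumes no newlines in file names).
count_foreign() {
    foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# report DIR OWNER
# Show owner, group and mode of each mismatch so it can be reviewed
# before ownership is changed. Returns 0 if clean, 1 otherwise.
report() {
    n=$(count_foreign "$1" "$2")
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $1 is owned by $2"
        return 0
    fi
    echo "$n path(s) under $1 are not owned by $2:"
    foreign_owned "$1" "$2" | while IFS= read -r p; do
        ls -ld "$p"
    done
    echo "After review, repair with: sudo chown -R $2 $1"
    return 1
}

# Usage: sh audit.sh /home/bill bill
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```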