LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-29-2010, 04:03 PM   #1
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Rep: Reputation: 15
Why does "sudo" ask you for the same password again?


A long time ago when I worked in a Unix shop the system administrator would use "su root", give the root password which only he knew, and then did work.

On linux now you use "sudo". I tried it with the wrong password, but it makes no sense to me to ask for your user password a second time in a shell and give that person root access.

Can anyone tell me the rational behind "sudo"?

Last edited by stonehinge03; 01-29-2010 at 04:23 PM.
 
Old 01-29-2010, 04:11 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
you log in.

you do some work.

you go for a cup of tea.

someone else wanders along 30 minutes later and see's your logged in.

they run "sudo rm -rf /" and laugh maniacally.


OR you could ask for the password within a few minutes of running sudo commands to significantly increase the security of the system.

You CAN disable the password with the NOPASSWD option, but unless it's an irrelevant machine with no significant access by anyone else then it's a bad idea.
 
Old 01-29-2010, 04:16 PM   #3
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,244

Rep: Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199
sudo is simply a tool that you can choose to use, or not use, depending on your needs.
 
Old 01-29-2010, 04:22 PM   #4
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by snowpine View Post
sudo is simply a tool that you can choose to use, or not use, depending on your needs.
My system doesn't let you use "su root" so I have to use it and it just baffles me. What is the use in asking for the same password of a user twice to give increased access? Shouldn't sudo logically ask for the root password, not the user password a second time?
 
Old 01-29-2010, 04:25 PM   #5
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,244

Rep: Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199
Quote:
Originally Posted by stonehinge03 View Post
My system doesn't let you use "su root" so I have to use it and it just baffles me. What is the use in asking for the same password of a user twice to give increased access? Shouldn't sudo logically ask for the root password, not the user password a second time?
Which distribution are you using? I'm sure you can enable su and disable sudo if you prefer.

sudo is typically used in situations where the root account is disabled. If there is no root password, then a hacker cannot guess the password--they need to guess your username as well.
 
1 members found this post helpful.
Old 01-29-2010, 04:29 PM   #6
slacker_et
Member
 
Registered: Dec 2009
Distribution: Slackware
Posts: 113

Rep: Reputation: 23
Sudo is not just on Linux and it's not new. It's on most (all ?) unixes and it's been around for probably just as long as su.
(Aren't they part of they same tool ?)

Using sudo prevents users from logging in as root via su, forgetting to logout after doing what they need to do, and then accidently doing something harmful.

Plus having sudo prompt the user for their own password and not root's. Means the sysadmins don't have to pass out root's password and hope it doesn't get into the wrong hands.
Although that could be meaningless if the user is granted permissions to run ANY command via sudo and then that user's own password gets into the wrong hands

--ET
 
Old 01-29-2010, 04:31 PM   #7
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Squeeze 2.6.32.9 SMP AMD64
Posts: 3,318

Rep: Reputation: 126Reputation: 126
Quote:
Originally Posted by stonehinge03 View Post
My system doesn't let you use "su root" so I have to use it and it just baffles me. What is the use in asking for the same password of a user twice to give increased access? Shouldn't sudo logically ask for the root password, not the user password a second time?
See acid_kewpie's response. It may seem wrong if the only Linux system you use is the one at home. But, it makes perfect sense in a business environment. "sudo" is primarily to give access to subsets of the root function to trusted users or other admins. You wouldn't want to hand out the root password to users who are only allowed to do backups or mount drives or some other limited root-type function.
 
Old 01-29-2010, 04:34 PM   #8
pentode
Member
 
Registered: Dec 2005
Location: Oregon
Distribution: Debian Testing
Posts: 488

Rep: Reputation: 38
Using the root password with sudo defeats the purpose of sudo. If you know the root password, you don't need sudo. Just log in as root.

The time out function is there for added security, as already pointed out. Sudo allows administrator to limit the privileges of any particular user who is using sudo.
 
Old 01-29-2010, 04:55 PM   #9
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by snowpine View Post
Which distribution are you using? I'm sure you can enable su and disable sudo if you prefer.

sudo is typically used in situations where the root account is disabled. If there is no root password, then a hacker cannot guess the password--they need to guess your username as well.
Ah. I see. I use ubuntu 9.10.
 
Old 01-29-2010, 04:59 PM   #10
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,244

Rep: Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199
Here's everything you need to know about sudo in Ubuntu:

https://help.ubuntu.com/community/RootSudo
 
1 members found this post helpful.
Old 01-29-2010, 08:31 PM   #11
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,064

Rep: Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894Reputation: 894
Quote:
Originally Posted by stonehinge03 View Post
Ah. I see. I use ubuntu 9.10.
Ubuntu is a bit different from most Linuxes in its use of root (it doesn't use a separate root account, although you can 'hack' it so that it does, most everything else does have an explicit root account).

Some people violently disagree with the way Ubuntu does things, and for them, they should use something else (choice!). For everyone else, it is just a variant, but, if you don't make clear that your question applies to Ubuntu or an Ubuntu derivative, you'll probably get some confusing
and/or wrong answers.
 
Old 01-29-2010, 09:25 PM   #12
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by salasi View Post
Ubuntu is a bit different from most Linuxes in its use of root (it doesn't use a separate root account, although you can 'hack' it so that it does, most everything else does have an explicit root account).
Do you do this with "sudo su root"?
 
Old 01-29-2010, 09:31 PM   #13
schneidz
LQ Guru
 
Registered: May 2005
Location: boston, usa
Distribution: fc-15/ fc-20-live-usb/ aix
Posts: 5,150

Rep: Reputation: 887Reputation: 887Reputation: 887Reputation: 887Reputation: 887Reputation: 887Reputation: 887
i dont remember but i think fedora asks for the root passwd on a sudo.

now that i am playing with xbmc (debian based), when i do a sudo it asks for the user's passwd. it took me an hour to figure out what was wrong with the root passwd.

either way i just add myself to visudo.
 
Old 01-29-2010, 09:35 PM   #14
stonehinge03
LQ Newbie
 
Registered: Jan 2010
Posts: 21

Original Poster
Rep: Reputation: 15
Ha! So there is a distro that does the logical thing. I had to add a user to the "admin" group and that made that user and their password the de facto root account.
 
Old 01-29-2010, 10:18 PM   #15
snowpine
Senior Member
 
Registered: Feb 2009
Posts: 4,244

Rep: Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199Reputation: 1199
Quote:
Originally Posted by stonehinge03 View Post
Do you do this with "sudo su root"?
I think the "correct" alternative to "su" in Ubuntu is "sudo -i".

(Ubuntu is a little different from other distros.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo fails - "sudo: can't get hostname: Success" fantasygoat Linux - Server 3 10-01-2009 03:59 PM
Shell "at" and "sudo" question discomurder Programming 1 02-11-2009 07:38 PM
cannot "sudo apt-get uptate" or "sudo" anything! plz help mdguy21061 Linux - Newbie 7 04-14-2008 12:59 AM
how do I get around the "submit passwd" prompt in ubuntu even if I use "sudo"? t3gah Linux - Distributions 1 02-22-2005 05:42 PM
normal user want to perform "init 6" by using " sudo acbenny Linux - General 3 08-08-2004 08:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration