Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The `su` command allows any user to obtain superuser privileges, if they know the root password:
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.
IF user does sudo bash and enter into shell he has capability to run commands run by root.
Then how can it be safe
There is a difference between su and sudo as I understand it like this. When you log in as a normal user and you have to run 'root privileged' commands you can open a terminal and su into the root account, thus gaining root privileges for the duration of your terminal session. You'd have to know the root password.
On the contrary with sudo you'll have to provide your own user password. It only works if you're a member of the sudoers list and root has to add you. Furthermore sudo can be limited to certain commands and thus maintaining a level of security.
Thank you for 'butting in', this is by no means a private conversation, everybody is free to participate. The more the merrier. This way I can learn too.
I haven't really used 'sudo -s' before but that just opens a 'shell' right? So if you don't give a user shell access, then they don't have the ability to execute sudo -s neither.
I think the whole point of using sudo is maintaining a level of security. Using the sudoers file you can limit quite a lot. And if you deny running a shell, only allow specific commands that need root privileges, then you should be quite safe.
Thanks for the clarification. I was just wondering because I often use "sudo -s" as my way of accessing a root shell. I'm using Ubuntu, and I don't think I ever set up a root password, so I can't just use "su" for this. Is it a bad idea to use "sudo -s"?
It all depends on what you want to do with your system, what your level of expertise is and most important if you share your computer/server with others.
If your the administrator (root) then it's a good thing to maintain the shell possibility only for you and not for other users if you share access to the computer/server.
I on the other hand have rarely used su or sudo (only on my wife's ubuntu). On my computers I'm root and as such I work and play. If I kill the thing then I'm the only responsible.
At work I only share root access on all our servers with my fellow sysadmin. Other users only have normal access and all root privileged commands go through us.
I read somewhere:
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.
IF user does sudo bash and enter into shell he has capability to run commands run by root.
Then how can it be safe
The best use of sudo is to limit the regular user to the absolute minimum number of privileged commands to accomplish the tasks they need. In my opinion, "sudo bash" is not in that list.
Thanks for the clarification. I was just wondering because I often use "sudo -s" as my way of accessing a root shell. I'm using Ubuntu, and I don't think I ever set up a root password, so I can't just use "su" for this. Is it a bad idea to use "sudo -s"?
Please be aware that Ubuntu has seriously bastardized the proper use of sudo because of their replacement of root with an administrator account. Most Linux distros (at least those not based on Ubuntu) don't allow this kind of nonsense with sudo. My personal opinion is that anything that allows you to get root privileges without root's password is a bad idea, but Ubuntu obviously doesn't agree.
Generally it is said that user shouldnt log?in as root.
but should login as user and then do sudo bash and enter the shell.
Yes, here you are not logged-in as superuser, but merely enjoys a superuser privilege with respect to the specified command that you have run. In that respect all other things are running as a regular 'user' except that 'command' alone which you have knowingly and willfully issued.
Quote:
IF user does sudo bash and enter into shell he has capability to run commands run by root. Then how can it be safe
Capability to run commands is not equal to an actually running the entire system as root. Capability is a mere potentiality; but running the system as root is already running in actuality. Issue: --$ sudo -i <Enter password> then You are in, but unless you willfully execute disastrous commands nothing is destroyed. As pointed out by EricTRA above this implementation maintains the level of security.
Sudo acquired status obtained through authenticated commands generally lasts for only 5 minutes, it expires without you knowing, the system is taking it back from you under assumption that it is no longer needed. You will need another sudo after that in order to run another need.
I have set my Slackware to run either as 'root' or 'sudoer' I can say that sudo implementation is reasonable and sound for newbies like me. The experts do not need it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.