sudo – execute a command as another user
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user’s password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).
sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user’s password is not entered within 5 minutes (unless overridden via sudoers).
If a user who is not listed in the sudoers file tries to run a command via sudo, mail is sent to the proper authorities, as defined at configure time or the sudoers file (defaults to root). Note that the mail will not be sent if an unauthorized user tries to run sudo with the -l or -v flags. This allows users to determine for themselves whether or not they are allowed to use sudo.
sudo can log both successful and unsuccessful attempts (as well as errors) to syslog(3), a log file, or both. By default sudo will log via syslog(3) but this is changeable at configure time or via the sudoers file.
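The logging described above can be audited with a small filter. This is an added example, not part of the sudo documentation: it separates denied attempts from successful commands in syslog-style sudo records. The sample lines are constructed and assume sudo's traditional `user : reason ; TTY=... ; COMMAND=...` layout; the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample records (not from a real host).
sample_log() {
cat <<'EOF'
Mar  3 09:14:02 build01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice/src ; USER=root ; COMMAND=/usr/bin/make install
Mar  3 09:20:41 build01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 09:21:10 build01 sudo[4121]:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/sh
Mar  3 09:30:55 build01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 09:31:00 build01 sshd[900]: Accepted publickey for alice from 192.0.2.10
EOF
}

# Print one tab-separated record per sudo entry: STATUS, user, reason, command.
sudo_events() {
  awk '
    match($0, / sudo(\[[0-9]+\])?: +/) {
      rest = substr($0, RSTART + RLENGTH)    # text after the syslog header
      sep = index(rest, " : ")
      if (sep == 0) next                     # not a command record (e.g. a PAM message)
      user = substr(rest, 1, sep - 1)
      body = substr(rest, sep + 3)
      c = index(body, "COMMAND=")            # take the command whole, it may contain " ; "
      cmd = (c ? substr(body, c + 8) : "-")
      stop = index(body, " ; ")
      first = (stop ? substr(body, 1, stop - 1) : body)
      # A permitted command starts with TTY=; anything else is the refusal reason.
      if (first ~ /^TTY=/) { status = "OK"; reason = "-" }
      else { status = "DENIED"; reason = first }
      printf "%s\t%s\t%s\t%s\n", status, user, reason, cmd
    }'
}

# Count denied attempts per user, highest count first.
denied_per_user() {
  sudo_events |
    awk -F '\t' '$1 == "DENIED" { n[$2]++ } END { for (u in n) print n[u], u }' |
    sort -rn
}

sample_log | denied_per_user
```

On a real system, feed the functions from wherever sudo is configured to log instead of `sample_log`.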
The su command stands for "switch user", and allows you to become another user. To use the su command on a per-command basis, enter:
su user -c command
Replace user with the name of the account which you’d like to run the command as, and command with the command you need to run as another user. To switch users before running many commands, enter:
Replace user with the name of the account which you’d like to run the commands as.
The user feature is optional; if you don’t provide a user, the su command defaults to the root account, which in Unix is the system administrator account. In either case, you’ll be prompted for the password associated with the account for which you’re trying to run the command. If you supply a user, you will be logged in as that account until you exit it. To do so, press Ctrl-d or type exit at the command prompt.
su creates security hazards, is potentially dangerous, and requires more administrative maintenance. It’s not good practice to have numerous people knowing and using the root password because when logged in as root, you can do anything to the system. This could provide too much power for inexperienced users, who could unintentionally damage the system. Additionally, each time a user should no longer use the root account (e.g., an employee leaves), the system administrator will have to change the
One of the things that makes Linux more secure than some operating systems is a permission system and separate logins. This adds the complication that some administrative tasks must be done using the administrator login (called root) but that is a small price to pay for the added level of security.
Different Linux distributions offer different ways to become root to perform these administrative tasks. The differences are not complicated to understand and there are valid reasons for each approach. In this article TUX explains these differences and how to get the job done using the various approaches.
If your system presents you with a graphical login screen (SuSE and Debian are two examples) then you would expect that logging in as root instead of your personal login would be the approach. While it can be done, it is the most dangerous approach from a security point of view.
Once you have logged in you will be running your typical graphical interface but with system-wide permissions. This means an inadvertent mistake could have systemwide consequences. For example, you could drag an important system file or program to the trash can. Without your typical user-level restrictions, the file would be removed and the system could quickly come to a grinding halt.
SuSE systems warn you that you are the root user by displaying a red background with bombs on it but this is just a warning to you to be careful. The system isn’t checking your work so it is up to you not to make a mistake or you will just pay the consequences. A better solution would be to have you use your normal login for most of the work but be able to temporarily become the administrator as needed.
YAST, SuSE’s graphical administration program, offers a level of protection. You can start YAST from the menu and it prompts you for the root password and then keeps you within its graphical environment. Thus, you at least have the level of hand-holding that YAST offers before you can make a fatal mistake. But, besides still having the ability to make a mistake, a bug in the YAST software itself could result in system damage.
The real goal is to do the various tasks with the minimum permissions that allow the task to be performed. For geeks, Linux (and UNIX) has always had the su or substitute user command. This means that from the command line, you could become the administrator or any other user as long as you had the appropriate password. No need to log out and back in.
The most common place where this capability would be used is in building new software from source code. Typically, this is done by running three commands, make install. Only the last one of these commands (make install) needs to be run as the administrator. Thus, from the command line, the user can use the su command before running make install to run only the one command as root. Not much overhead for a large amount of added security.
While this approach is a lot safer than just logging in as root, you still must remember to exit the administrator level with either exit or Control-D to get you back to your own user permissions. That means forgetting a step or just being lazy can be dangerous. A safer approach would be to require you to take action each time you want to run a command as root.
Enter the sudo command. Unlike su, sudo changes your permissions for only a single command. Once that command completes your permissions revert back to the ones you had when you logged in. Note that while sudo has additional capabilities, 99% of the time this is all you want. For the geeks out there, read the sudo man page by entering man sudo in a terminal window.
Using sudo, the build sequence described above just becomes sudo make install. No other changes other than adding sudo to the third command and no need to exit to get back to your normal user permissions.
Both the Knoppix and Ubuntu/Kubuntu distributions don’t include the su command nor do they have root logins. The only way to get administrator privileges at the command-line level is to use sudo. With Knoppix running from a live CD there are no user logins so sudo happens with no questions asked.
With Kubuntu, it works a bit differently. When you enter the sudo command for the first time, you will be prompted for a password. What password? Yours. That is, the password you normally use to log in. This is to prevent someone walking over to an unattended system from getting root access. In order to make it more convenient to do a series of commands as root, Kubuntu remembers that you have run as root recently and doesn’t require the password. But, after a short idle period, you will be asked for it again.
Hopefully this article has filled in your knowledge on how to get administrator access. The most important information in this article is, however, to always try to do as much as possible without administrator permissions. Using this approach you will find that you say "Oops!" a lot less often.