b5media.com

Advertise with us

Enjoying this blog? Check out the rest of the Technology Channel Subscribe to this Feed

New Linux User

EXPLAIN: What is Sudo?

by Jon on November 14th, 2005

Sometimes you need or want to execute a command as another user. While the standard su command works well for ‘becoming’ another user, sudo offers the ability to do things as another user without that user’s password.

The system admin (that’s you!) can set sudo up to allow specific users to run specific applications. I’m not sure that there’s much use for sudo on the home front (although I think K/Ubuntu uses it heavily), but certainly in the larger networks there may be many situations where the administrator may want a user to be able to run an application as root, but giving out the root password is clearly undesirable.

Please note: I am NOT a GNU/Linux security expert by any stretch of the imagination. Please, for the love of God, do NOT set up sudo on a machine that you will miss if it falls into the wrong hands. This entry is intended as an explanation of what sudo is, not as a tutorial on how to set it up securely.

From the man sudo page:

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

While sudo is a very powerful command with many possible configurations, we’re just going to look at some basic concepts. Consider the situation where I want the user kelly on my system to be able to run the dhclient command. The dhclient command cannot normally be run by anyone other than the root user and while I want Kelly to be able to run it, I don’t want to give her my root password to do so.

Note: You should not edit the /etc/sudoers file manually. You should run visudo as the root user to edit the /etc/sudoers file. You’ll likely need a primer on how to get around visudo:

  • INS puts you into insert mode so you can type
  • ESC puts you into command mode so you can save and quit visudo
  • :w writes your changes to the sudoers file (don’t forget the colon before the w!)
  • :q quits visudo. It will complain if you haven’t saved first (don’t forget that colon!)

I can let Kelly run the command by creating the following entry in my /etc/sudoers file:

kelly jonzbox = NOPASSWD: /sbin/dhclient

That line reads: let the user kelly run the /sbin/dhclient application on the machine named jonzbox without being prompted for a password.

Kelly can now run the dhclient command by typing:

sudo dhclient

The combinations of permissions that can be constructed in the sudoers file are endless. A person who understands sudo intimately can create very complex and elegant execution rights. Alas, I am not that person and we will have to stop at that basic concept.

The files and applications involved in setting up and running sudo are:

  • visudo — application used by the root user to set up sudo permissions
  • sudoers — data file edited by visudo
  • sudo — application run by users to execute the applications as per the sudoers file

Clear as mud?

Share This

Related Stories

POSTED IN: Explanation

2 opinions for EXPLAIN: What is Sudo?

  • Jay Jones
    Nov 21, 2006 at 10:57 am

    This explaination is terrible. I’m shaking my head with every attempt I find on the internet to explain this term. Do you know that sudo may be the very first thing required of a new linux user to learn? Com’on! I’m somewhat taking my anger for everyone who is failing to communicate with us regular people out on you because you have this “reply” feature and they don’t. You are failing to communicate with us. Do you understand? For example: I made the stupid mistake of thinking I could install and learn Ubuntu linux at my leisure. Now I realize that I must be present when my computer is booting to make sure to select Windows XP in this new GRUB thing. Anything I wanted the computer to do while I was at work it now cannot do. I want to change that stupid grub to allow me to run my computer my way. How do I do this…
    Try it sometime. Go to google.com/linux and ask how do I change my default settings in my grub? You will find each answer will assume you know this sudo. This is a miserable failure, don’t you agree? Don’t you see how many hours must be wasted to click on each answer people attempt at that one question just to find them all something you can’t even do? Finally you decide to go back to google.com/linux and ask what is sudo? Your “answer” is about the second or third to appear among the search results. And look at it…worthless. I want to ‘execute a command?” The standard “su” command works well? What in the world are you talking about?
    You are failing. Your whole generation of Linux users are failing to give regular people a chance with this program. Each of you seem to want to give back to your Linux community with all your elaborate websites discussing this stuff, but you are all speaking a language regular people don’t understand. If you want to be helpful start from the beginning level meaning…”This person is reading my website, so they know how to get online, search, and click. I will take it from there.” Or….just forget about it.

  • Joyous Mate
    Jun 13, 2007 at 2:03 am

    Jays post really made me smile:) Although I consider myself a programmer, I must admit that Linux has remained somewhat obscure for me. Until recent times when I finally managed to construct a mental representation about what Linux might be and what kind of ideology is behind it’s inner workings.

    I agree with Jay that sometimes it is really difficult to begin working with Linux when one is not familiar with the concept or paradigm Linux presents about itself. The concept of Windows is simple — a computer is basically a virtual desk that has features a regular desk doesn’t have. But what the hell is the BIG concept of Linux? I began to understand Linux until I figured out that it is a command interpreter that has various interfaces. That’s it. The trick is that without intermediate understanding (I mean technically sound) about computer architecture, programming, graph theory it is really difficult to appreciate Linux for what it is. A mere mortal not educated in the Way of Computer Science learns Linux like a non-musician learns to play a song on a guitar — learning to play a certain song on an instrument instead of learning to play the instrument.

    So Jay, what can I say?:) I say that You have three options:

    1) If You want to understand Linux, learn Computer Science

    2) If You want to use Linux, learn by example but be prepared to be frustrated because You are learning to play a song, not the instrument and Linux consists of a bunch of different songs

    3) If neither option seems viable, then keep your thumbs crossed for upcoming releases that might be more “readymade” or just quit Linux and forget You ever heard about it:)

Have an opinion? Leave a comment:




Check Spelling
Activate Spell Check while Typing