Tags:
create new tag
, view all tags
sudo is a program which allows users to run programs with more permissions and privileges than they normally have under their own user id. (Compare this to suid which is a permission bit that can be set to allow a user to execute a program as a different user id -- specifically the owner of the file, with his permissions and privileges.)

sudo is sometimes said to mean "superuser do", but I think it would be more accurate to say "switch user do".

See also suid, visudo.

See AboutThesePages.

Contents

Resources

  • Sudo in a Nutshell -- "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. It's features include:"
  • Sample /etc/sudoers file
  • DESCRIPTION --
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file (the group vector is also initialized when the target user is not root). By default, sudo requires that users authenticate themselves with a password (NOTE: by default this is the user's password, not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).

sudo determines who is an authorized user by consulting the file /etc/sudoers. By giving sudo the -v flag a user can update the time stamp without running a command. The password prompt itself will also time out if the user's password is not entered within 5 minutes (unless overridden via sudoers).

From the same page:
CAVEATS

There is no easy way to prevent a user from gaining a root shell if that user has access to commands allowing shell escapes.

If users have sudo ALL there is nothing to prevent them from creating their own program that gives them a root shell regardless of any '!' elements in the user specification.

Running shell scripts via sudo can expose the same kernel bugs that make setuid shell scripts unsafe on some operating systems (if your OS supports the /dev/fd/ directory, setuid shell scripts are generally safe).

  • there is an article by Vincent Danen somewhere at mandrakesecure.net -- I would expect it to be useful


Contributors

  • RandyKramer - 06 Apr 2002
  • <If you edit this page, add your name here, move this to the next line>

Page Ratings

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2002-08-02 - RandyKramer
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by PerlCopyright 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding WikiLearn? WebBottomBar">Send feedback
See TWiki's New Look