Doing su in sudo

Some of the tasks you want to perform in Linux require root permissions. You’ve seen this already throughout the newsletter: the infamous “su” command. I’ve also mentioned the dangers of root - namely the fact that root is omnipotent. It can delete any file on the system, wreaking great havoc with your perfect Linux setup. Obviously, it’s wise to use root powers very, very judiciously.

Or, you can take a safer route to su with the sudo command. Most distributions now come stock with the sudo package. Sudo allows a system administrator to grant a limited set of root permissions to specified users. Sudo uses a timestamping method to control access to these root commands. When sudo is invoked by an authorized user (as listed in the /etc/sudoers file), the user is granted a 5-minute ticket to perform the requested task. Each subsequent invocation of sudo updates the open ticket for another 5 minutes. Drag the process out for more than 5 minutes, and the permission is gone. This is a very creative and powerful approach to system security. The timestamping system makes it nearly impossible for a user to accidentally leave a root shell open for any user passing by the machine to exploit.

sudo relies on the /etc/sudoers file to define the capabilities of each user. A full range of permissions can be defined by host machine or user in the /etc/sudoers file. You do, however, need to be root to edit this file, and you should use the visudo command to do so. The options for this file are too exhaustive to go into in Penguin Shell, but they can be found in the sudo author’s posted sudoers man page.

Once you’ve configured the /etc/sudoers file to your tastes, you can invoke any authorized command using:

    sudo [command]

When the initial timestamped ticket is issued, you’ll be prompted for the root password. Any further sudo commands invoked during the allocated 5-minute period will not require a re-entry of the root password.

Even with a properly configured /etc/sudoers file, it’s still possible to do damage to your system using sudo-invoked root commands. It’s only less likely, not impossible. But using sudo wisely can eliminate a great number of the dangers of root powers.
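To make "properly configured" concrete, here is an added example (not part of the original newsletter, and not code from the sudo project): a small Python check that reads a constructed sudoers fragment and flags entries that undo the limits described above, such as a grant of every command, a grant of su or a shell, a rule that skips the password prompt, or a ticket lifetime changed through the `timestamp_timeout` Defaults option. The function name `audit_sudoers`, the sample users and the 5-minute threshold are assumptions for illustration, and only the simple one-line rule form is handled.

```python
import re

# Constructed sudoers fragment for illustration; not from a real system.
SAMPLE = """\
# constructed sample
Defaults timestamp_timeout=-1
alice   ALL=(ALL) ALL
bob     ALL=(root) /usr/bin/systemctl restart nginx
carol   ALL=(root) NOPASSWD: /usr/bin/su
%ops    web01=(root) /usr/bin/apt update, /bin/bash
"""

SHELLS = {"su", "sh", "bash", "dash", "zsh", "ksh", "csh"}
# user  host = (runas) commands   -- the simple one-line form only
SPEC = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TIMEOUT = re.compile(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")

def audit_sudoers(text, max_minutes=5):
    """Return (line_no, subject, finding) for entries that widen root access."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment or #include directive
        if line.startswith("Defaults"):
            m = TIMEOUT.search(line)
            if m and float(m.group(1)) < 0:
                findings.append((n, "Defaults", "ticket never expires"))
            elif m and float(m.group(1)) > max_minutes:
                findings.append((n, "Defaults", "ticket outlives %d minutes" % max_minutes))
            continue
        m = SPEC.match(line)
        if not m or m.group(1).endswith("_Alias"):
            continue  # aliases and continuation lines are out of scope here
        who, _host, commands = m.groups()
        for cmd in (c.strip() for c in commands.split(",")):
            if "NOPASSWD:" in cmd:
                findings.append((n, who, "no password prompt"))
            cmd = re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmd)  # drop tags such as NOPASSWD:
            if not cmd:
                continue
            if cmd == "ALL":
                findings.append((n, who, "may run every command"))
            elif cmd.split()[0].rsplit("/", 1)[-1] in SHELLS:
                findings.append((n, who, "root shell via " + cmd.split()[0]))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Only bob's rule passes cleanly: it names one command with fixed arguments, which is the kind of limited grant sudo was designed for.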
