What does sudo mean and do?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
"Can someone tell me what sudo
means?" I am learning Linux. I googled but can someone kind of give me a Windows comparison I think this will help me a little. I know su
means switch user. sudo
is being another user, but how and why? Why can't you just give yourself permissions under your user name?
centos sudo
add a comment |Â
up vote
0
down vote
favorite
"Can someone tell me what sudo
means?" I am learning Linux. I googled but can someone kind of give me a Windows comparison I think this will help me a little. I know su
means switch user. sudo
is being another user, but how and why? Why can't you just give yourself permissions under your user name?
centos sudo
1
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
"Can someone tell me what sudo
means?" I am learning Linux. I googled but can someone kind of give me a Windows comparison I think this will help me a little. I know su
means switch user. sudo
is being another user, but how and why? Why can't you just give yourself permissions under your user name?
centos sudo
"Can someone tell me what sudo
means?" I am learning Linux. I googled but can someone kind of give me a Windows comparison I think this will help me a little. I know su
means switch user. sudo
is being another user, but how and why? Why can't you just give yourself permissions under your user name?
centos sudo
centos sudo
edited Oct 2 '17 at 14:53
dessert
1,013321
1,013321
asked Oct 2 '17 at 2:56
KnowledgeBeyondMe
111
111
1
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
add a comment |Â
1
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
1
1
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
add a comment |Â
5 Answers
5
active
oldest
votes
up vote
2
down vote
sudo
allows you run a program as the root super user. Using it instead of su
,
- you do not need to know the root password because it asks for your password,
- you know explicitly what commands will run as the root and which others as you. If you use
su
, you got a shell and can run inadvertently some (dangerous) programs, and - all your actions are logged into the
auth.log
file. Actions in a shell, such as one initiated bysu
are not usually logged.
Why can't you just give yourself permissions under your user name?
For security reasons, the root account is seldom used for day to day purposes. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs.
There is an analogy in Wikipedia you can consider:
- Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.
Usingsudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.
â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.
â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the/etc/sudoers
or using other techniques, to runsudo
. Usually, you do not authorize all the people, just system administrators.
â Jaime
Oct 4 '17 at 9:53
add a comment |Â
up vote
1
down vote
In early versions of Unix the most common scenario was to be logged in through a terminal without a windowing system. The su command (substitute user) was a convenient way to change your current permissions without logging out. Remember, without a windowing system logging out meant stopping whatever you had running.
Using su to become root has some annoying issues. People occasionally would forget to exit the session and accidentally run commands as root. Changing the administrative password was complicated by the fact that you needed to distribute it to everyone who needed it. Most systems didn't log every command so it was difficult to tell who'd done what as root. And so on.
sudo addressed those issues by letting people run one single command as root. It provides better auditing and control while being a bit more convenient for one off commands.
add a comment |Â
up vote
1
down vote
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
1
sudo
is a utility, not a user name. Someone still have to give you the right to usesudo
. The right may be restricted to the use of particular commands, or for usingsudo
to assume particular other user identities.sudo
may be used to switch to other roles than just root.
â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has anadmin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize thesudo
to all the members of a group. If you check the/etc/sudoers
, the authorized groups have a%
prefix.
â Jaime
Oct 4 '17 at 10:00
add a comment |Â
up vote
1
down vote
By default on most Unices, the "administrator" account, root, is to be used only sparingly. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't.
"Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. As an ordinary user, you can at most delete your own files only.
The older su
utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords.
su
is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). This may be done in startup scripts as the system is booting.
su
is more seldom used interactively (on the command line).
The sudo
utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. Again, the sudo
utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions).
Typically, one would run single commands using sudo
(hence the name "superuser do"):
$ sudo apt-get install vim
or
$ sudo shutdown -ph now
Using sudo
in this way is prefered to using sudo -s
and work with an interactive root shell, because the commands that you execute are logged. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing.
If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.
As an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user.
OpenBSD (since release 5.8) has a utility called doas
which replaces sudo
in the default system installation. It was developed when it became clear that sudo
had become too complex to fit the goals laid out by the developers of OpenBSD. Its use is similar to that of sudo
, but configuring it is easier.
add a comment |Â
up vote
0
down vote
sudo allows you to run a program as a different user (including root) based on a configurable, predefined set of rules.
On a Unix/POSIX/Linux system root is god. The root user is also singular.
In many environments there are multiple admins who might require full root access, but there can be also be individuals who require access to do some specific function usually reserved for root; DBAs need to stop and start DB services, edit DB config fules, network administrators need to configure network devices and routes, security administrators need to manage certificates and configure firewalls.
By constraining what commands a person can run, sudo applies the principle of least privilege - users don't get access they don't need. But its not just constraining the binaries users run. Many admin tasks are carried out from the command line - and the paramters passed to that command can also be constrained by sudo (or captured in a shell script with access provided by sudo) hence it is possible to restrict the data / devices that these specialized admins can access.
Why can't you just give yourself permissions under your user name?
1) this would be bad.
I have often had access to the root account on systems - but I aways set up a named account to use for login, and only 'su' or 'sudo' when I want to explitily invoke my super powers. In addition to avoiding silly mistakes, my named account provides a sandbox for any misbehaving components.
what if there are 5 people who need the privileged access, do I grant it to each and every one? What about 20? what about 200?
2) this would be difficult
- it's not the Unix security model. Sure you could change the permissions on some executables (see earlier note about parameters). But if you're security conscious, you apply patches regularly - which can undermine a customized permissions model (sudo OTOH maintains its permissions independently of the commands themselves).
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
add a comment |Â
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
sudo
allows you run a program as the root super user. Using it instead of su
,
- you do not need to know the root password because it asks for your password,
- you know explicitly what commands will run as the root and which others as you. If you use
su
, you got a shell and can run inadvertently some (dangerous) programs, and - all your actions are logged into the
auth.log
file. Actions in a shell, such as one initiated bysu
are not usually logged.
Why can't you just give yourself permissions under your user name?
For security reasons, the root account is seldom used for day to day purposes. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs.
There is an analogy in Wikipedia you can consider:
- Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.
Usingsudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.
â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.
â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the/etc/sudoers
or using other techniques, to runsudo
. Usually, you do not authorize all the people, just system administrators.
â Jaime
Oct 4 '17 at 9:53
add a comment |Â
up vote
2
down vote
sudo
allows you run a program as the root super user. Using it instead of su
,
- you do not need to know the root password because it asks for your password,
- you know explicitly what commands will run as the root and which others as you. If you use
su
, you got a shell and can run inadvertently some (dangerous) programs, and - all your actions are logged into the
auth.log
file. Actions in a shell, such as one initiated bysu
are not usually logged.
Why can't you just give yourself permissions under your user name?
For security reasons, the root account is seldom used for day to day purposes. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs.
There is an analogy in Wikipedia you can consider:
- Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.
Usingsudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.
â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.
â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the/etc/sudoers
or using other techniques, to runsudo
. Usually, you do not authorize all the people, just system administrators.
â Jaime
Oct 4 '17 at 9:53
add a comment |Â
up vote
2
down vote
up vote
2
down vote
sudo
allows you run a program as the root super user. Using it instead of su
,
- you do not need to know the root password because it asks for your password,
- you know explicitly what commands will run as the root and which others as you. If you use
su
, you got a shell and can run inadvertently some (dangerous) programs, and - all your actions are logged into the
auth.log
file. Actions in a shell, such as one initiated bysu
are not usually logged.
Why can't you just give yourself permissions under your user name?
For security reasons, the root account is seldom used for day to day purposes. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs.
There is an analogy in Wikipedia you can consider:
- Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.
sudo
allows you run a program as the root super user. Using it instead of su
,
- you do not need to know the root password because it asks for your password,
- you know explicitly what commands will run as the root and which others as you. If you use
su
, you got a shell and can run inadvertently some (dangerous) programs, and - all your actions are logged into the
auth.log
file. Actions in a shell, such as one initiated bysu
are not usually logged.
Why can't you just give yourself permissions under your user name?
For security reasons, the root account is seldom used for day to day purposes. Usually, all the users, including administrators, use a "normal" user and only execute commands as root when it is needed. This may prevent (1) unauthorized access to files of other users, (2) not-logged root actions and (3) problems caused by executing "dangerous" programs.
There is an analogy in Wikipedia you can consider:
- Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.
answered Oct 2 '17 at 3:31
Jaime
23115
23115
Usingsudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.
â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.
â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the/etc/sudoers
or using other techniques, to runsudo
. Usually, you do not authorize all the people, just system administrators.
â Jaime
Oct 4 '17 at 9:53
add a comment |Â
Usingsudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.
â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.
â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the/etc/sudoers
or using other techniques, to runsudo
. Usually, you do not authorize all the people, just system administrators.
â Jaime
Oct 4 '17 at 9:53
Using
sudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.â Johan Myréen
Oct 2 '17 at 6:18
Using
sudo
is rather like being Goofy until you eat a super peanut which turns you into Super Goof. Your super powers wear off after a timeout (default 15 minutes), after which you are prompted for a new peanut... er, your password.â Johan Myréen
Oct 2 '17 at 6:18
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in
/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.â Johan Myréen
Oct 4 '17 at 6:48
@KnowledgeBeyondMe Everyone has the potential to be an admin, but you still have to be authorised by being listed in
/etc/sudoers
. There are some other advantages of sudo over su, but the main point of sudo is that you authenticate using your own password. Shared passwords are bad.â Johan Myréen
Oct 4 '17 at 6:48
You must authorize people, including them into the
/etc/sudoers
or using other techniques, to run sudo
. Usually, you do not authorize all the people, just system administrators.â Jaime
Oct 4 '17 at 9:53
You must authorize people, including them into the
/etc/sudoers
or using other techniques, to run sudo
. Usually, you do not authorize all the people, just system administrators.â Jaime
Oct 4 '17 at 9:53
add a comment |Â
up vote
1
down vote
In early versions of Unix the most common scenario was to be logged in through a terminal without a windowing system. The su command (substitute user) was a convenient way to change your current permissions without logging out. Remember, without a windowing system logging out meant stopping whatever you had running.
Using su to become root has some annoying issues. People occasionally would forget to exit the session and accidentally run commands as root. Changing the administrative password was complicated by the fact that you needed to distribute it to everyone who needed it. Most systems didn't log every command so it was difficult to tell who'd done what as root. And so on.
sudo addressed those issues by letting people run one single command as root. It provides better auditing and control while being a bit more convenient for one off commands.
add a comment |Â
up vote
1
down vote
In early versions of Unix the most common scenario was to be logged in through a terminal without a windowing system. The su command (substitute user) was a convenient way to change your current permissions without logging out. Remember, without a windowing system logging out meant stopping whatever you had running.
Using su to become root has some annoying issues. People occasionally would forget to exit the session and accidentally run commands as root. Changing the administrative password was complicated by the fact that you needed to distribute it to everyone who needed it. Most systems didn't log every command so it was difficult to tell who'd done what as root. And so on.
sudo addressed those issues by letting people run one single command as root. It provides better auditing and control while being a bit more convenient for one off commands.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
In early versions of Unix the most common scenario was to be logged in through a terminal without a windowing system. The su command (substitute user) was a convenient way to change your current permissions without logging out. Remember, without a windowing system logging out meant stopping whatever you had running.
Using su to become root has some annoying issues. People occasionally would forget to exit the session and accidentally run commands as root. Changing the administrative password was complicated by the fact that you needed to distribute it to everyone who needed it. Most systems didn't log every command so it was difficult to tell who'd done what as root. And so on.
sudo addressed those issues by letting people run one single command as root. It provides better auditing and control while being a bit more convenient for one off commands.
In early versions of Unix the most common scenario was to be logged in through a terminal without a windowing system. The su command (substitute user) was a convenient way to change your current permissions without logging out. Remember, without a windowing system logging out meant stopping whatever you had running.
Using su to become root has some annoying issues. People occasionally would forget to exit the session and accidentally run commands as root. Changing the administrative password was complicated by the fact that you needed to distribute it to everyone who needed it. Most systems didn't log every command so it was difficult to tell who'd done what as root. And so on.
sudo addressed those issues by letting people run one single command as root. It provides better auditing and control while being a bit more convenient for one off commands.
answered Oct 2 '17 at 3:44
Matthew Gauthier
40213
40213
add a comment |Â
add a comment |Â
up vote
1
down vote
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
1
sudo
is a utility, not a user name. Someone still have to give you the right to usesudo
. The right may be restricted to the use of particular commands, or for usingsudo
to assume particular other user identities.sudo
may be used to switch to other roles than just root.
â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has anadmin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize thesudo
to all the members of a group. If you check the/etc/sudoers
, the authorized groups have a%
prefix.
â Jaime
Oct 4 '17 at 10:00
add a comment |Â
up vote
1
down vote
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
1
sudo
is a utility, not a user name. Someone still have to give you the right to usesudo
. The right may be restricted to the use of particular commands, or for usingsudo
to assume particular other user identities.sudo
may be used to switch to other roles than just root.
â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has anadmin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize thesudo
to all the members of a group. If you check the/etc/sudoers
, the authorized groups have a%
prefix.
â Jaime
Oct 4 '17 at 10:00
add a comment |Â
up vote
1
down vote
up vote
1
down vote
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
answered Oct 2 '17 at 14:03
KnowledgeBeyondMe
111
111
1
sudo
is a utility, not a user name. Someone still have to give you the right to usesudo
. The right may be restricted to the use of particular commands, or for usingsudo
to assume particular other user identities.sudo
may be used to switch to other roles than just root.
â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has anadmin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize thesudo
to all the members of a group. If you check the/etc/sudoers
, the authorized groups have a%
prefix.
â Jaime
Oct 4 '17 at 10:00
add a comment |Â
1
sudo
is a utility, not a user name. Someone still have to give you the right to usesudo
. The right may be restricted to the use of particular commands, or for usingsudo
to assume particular other user identities.sudo
may be used to switch to other roles than just root.
â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has anadmin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize thesudo
to all the members of a group. If you check the/etc/sudoers
, the authorized groups have a%
prefix.
â Jaime
Oct 4 '17 at 10:00
1
1
sudo
is a utility, not a user name. Someone still have to give you the right to use sudo
. The right may be restricted to the use of particular commands, or for using sudo
to assume particular other user identities. sudo
may be used to switch to other roles than just root.â Kusalananda
Oct 2 '17 at 14:08
sudo
is a utility, not a user name. Someone still have to give you the right to use sudo
. The right may be restricted to the use of particular commands, or for using sudo
to assume particular other user identities. sudo
may be used to switch to other roles than just root.â Kusalananda
Oct 2 '17 at 14:08
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
oh so it s like Active Directory Organizational groups? You have your own user name with privileges but if you are given permissions you can access privies of a specialized org. The ORG in this sense would be the SUDO utility?
â KnowledgeBeyondMe
Oct 2 '17 at 16:20
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Not knowing what an "Active Directory" is, I can't say yes or no to that with certainty.
â Kusalananda
Oct 2 '17 at 16:22
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
Control mechanism for rights and roles in windows.
â KnowledgeBeyondMe
Oct 2 '17 at 16:23
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has an
admin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize the sudo
to all the members of a group. If you check the /etc/sudoers
, the authorized groups have a %
prefix.â Jaime
Oct 4 '17 at 10:00
No, sudo is not a group or a user account. -- In Windows, Active Directory and LDAP you can define user groups. In Linux, you can define user groups too. For instance, your linux usually has an
admin
group. Each user may belong to a primary group and multiple secondary groups. -- You can authorize the sudo
to all the members of a group. If you check the /etc/sudoers
, the authorized groups have a %
prefix.â Jaime
Oct 4 '17 at 10:00
add a comment |Â
up vote
1
down vote
By default on most Unices, the "administrator" account, root, is to be used only sparingly. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't.
"Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. As an ordinary user, you can at most delete your own files only.
The older su
utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords.
su
is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). This may be done in startup scripts as the system is booting.
su
is more seldom used interactively (on the command line).
The sudo
utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. Again, the sudo
utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions).
Typically, one would run single commands using sudo
(hence the name "superuser do"):
$ sudo apt-get install vim
or
$ sudo shutdown -ph now
Using sudo
in this way is prefered to using sudo -s
and work with an interactive root shell, because the commands that you execute are logged. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing.
If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.
As an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user.
OpenBSD (since release 5.8) has a utility called doas
which replaces sudo
in the default system installation. It was developed when it became clear that sudo
had become too complex to fit the goals laid out by the developers of OpenBSD. Its use is similar to that of sudo
, but configuring it is easier.
add a comment |Â
up vote
1
down vote
By default on most Unices, the "administrator" account, root, is to be used only sparingly. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't.
"Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. As an ordinary user, you can at most delete your own files only.
The older su
utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords.
su
is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). This may be done in startup scripts as the system is booting.
su
is more seldom used interactively (on the command line).
The sudo
utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. Again, the sudo
utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions).
Typically, one would run single commands using sudo
(hence the name "superuser do"):
$ sudo apt-get install vim
or
$ sudo shutdown -ph now
Using sudo
in this way is prefered to using sudo -s
and work with an interactive root shell, because the commands that you execute are logged. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing.
If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.
As an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user.
OpenBSD (since release 5.8) has a utility called doas
which replaces sudo
in the default system installation. It was developed when it became clear that sudo
had become too complex to fit the goals laid out by the developers of OpenBSD. Its use is similar to that of sudo
, but configuring it is easier.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
By default on most Unices, the "administrator" account, root, is to be used only sparingly. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't.
"Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. As an ordinary user, you can at most delete your own files only.
The older su
utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords.
su
is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). This may be done in startup scripts as the system is booting.
su
is more seldom used interactively (on the command line).
The sudo
utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. Again, the sudo
utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions).
Typically, one would run single commands using sudo
(hence the name "superuser do"):
$ sudo apt-get install vim
or
$ sudo shutdown -ph now
Using sudo
in this way is prefered to using sudo -s
and work with an interactive root shell, because the commands that you execute are logged. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing.
If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.
As an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user.
OpenBSD (since release 5.8) has a utility called doas
which replaces sudo
in the default system installation. It was developed when it became clear that sudo
had become too complex to fit the goals laid out by the developers of OpenBSD. Its use is similar to that of sudo
, but configuring it is easier.
By default on most Unices, the "administrator" account, root, is to be used only sparingly. There are only two levels of administrator, or "super user", rights on a normal Unix system: You either have full control of everything, or you don't.
"Full control" includes circumventing most permission checks and to utterly mess up the system by a simple mis-typing. As an ordinary user, you can at most delete your own files only.
The older su
utility is used together with the root password to assume the root identity, but may also be used to assume other users identities, or to execute single commands as them, given that you belong to the correct user group and know their passwords.
su
is commonly used by the root user (on some Unix system) to start daemons (service processes) that need to run under particular user identities to protect them from accessing areas that they shouldn't have access to (typically web servers, SSH server and the like). This may be done in startup scripts as the system is booting.
su
is more seldom used interactively (on the command line).
The sudo
utility requires a bit more configuration as it allows a user to execute commands as another user by using their own password (which means that a root password, for example, does not need to be shared), and it also allows for fine grained control of who is allowed to do exactly what. One could, for example give a single user, or a whole group of users, the ability to mount a certain disk, but not to unmount it or to mount any other disks, or to install software using specific commands etc. Again, the sudo
utility allows for assuming other user's identities (not just root) for interactive sessions, or for executing single commands (if the configuration has been set up this way by some other person with root permissions).
Typically, one would run single commands using sudo
(hence the name "superuser do"):
$ sudo apt-get install vim
or
$ sudo shutdown -ph now
Using sudo
in this way is prefered to using sudo -s
and work with an interactive root shell, because the commands that you execute are logged. one may later retrace the actions in the log file to see where (and who) did something, either for debugging or for auditing.
If you find yourself typing away at an interactive root prompt for an extended period of time, then you should reconsider what you're doing and if that really requires root privileges.
As an example, the only time that I bring up an interactive root prompt is when adding an ordinary user for myself on a freshly installed machine, or when I really have some serious issues that prevents me from even logging in as an ordinary user.
OpenBSD (since release 5.8) has a utility called doas
which replaces sudo
in the default system installation. It was developed when it became clear that sudo
had become too complex to fit the goals laid out by the developers of OpenBSD. Its use is similar to that of sudo
, but configuring it is easier.
edited Oct 2 '17 at 14:43
answered Oct 2 '17 at 14:24
Kusalananda
105k14209326
105k14209326
add a comment |Â
add a comment |Â
up vote
0
down vote
sudo allows you to run a program as a different user (including root) based on a configurable, predefined set of rules.
On a Unix/POSIX/Linux system root is god. The root user is also singular.
In many environments there are multiple admins who might require full root access, but there can be also be individuals who require access to do some specific function usually reserved for root; DBAs need to stop and start DB services, edit DB config fules, network administrators need to configure network devices and routes, security administrators need to manage certificates and configure firewalls.
By constraining what commands a person can run, sudo applies the principle of least privilege - users don't get access they don't need. But its not just constraining the binaries users run. Many admin tasks are carried out from the command line - and the paramters passed to that command can also be constrained by sudo (or captured in a shell script with access provided by sudo) hence it is possible to restrict the data / devices that these specialized admins can access.
Why can't you just give yourself permissions under your user name?
1) this would be bad.
I have often had access to the root account on systems - but I aways set up a named account to use for login, and only 'su' or 'sudo' when I want to explitily invoke my super powers. In addition to avoiding silly mistakes, my named account provides a sandbox for any misbehaving components.
what if there are 5 people who need the privileged access, do I grant it to each and every one? What about 20? what about 200?
2) this would be difficult
- it's not the Unix security model. Sure you could change the permissions on some executables (see earlier note about parameters). But if you're security conscious, you apply patches regularly - which can undermine a customized permissions model (sudo OTOH maintains its permissions independently of the commands themselves).
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
add a comment |Â
up vote
0
down vote
sudo allows you to run a program as a different user (including root) based on a configurable, predefined set of rules.
On a Unix/POSIX/Linux system root is god. The root user is also singular.
In many environments there are multiple admins who might require full root access, but there can be also be individuals who require access to do some specific function usually reserved for root; DBAs need to stop and start DB services, edit DB config fules, network administrators need to configure network devices and routes, security administrators need to manage certificates and configure firewalls.
By constraining what commands a person can run, sudo applies the principle of least privilege - users don't get access they don't need. But its not just constraining the binaries users run. Many admin tasks are carried out from the command line - and the paramters passed to that command can also be constrained by sudo (or captured in a shell script with access provided by sudo) hence it is possible to restrict the data / devices that these specialized admins can access.
Why can't you just give yourself permissions under your user name?
1) this would be bad.
I have often had access to the root account on systems - but I aways set up a named account to use for login, and only 'su' or 'sudo' when I want to explitily invoke my super powers. In addition to avoiding silly mistakes, my named account provides a sandbox for any misbehaving components.
what if there are 5 people who need the privileged access, do I grant it to each and every one? What about 20? what about 200?
2) this would be difficult
- it's not the Unix security model. Sure you could change the permissions on some executables (see earlier note about parameters). But if you're security conscious, you apply patches regularly - which can undermine a customized permissions model (sudo OTOH maintains its permissions independently of the commands themselves).
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
add a comment |Â
up vote
0
down vote
up vote
0
down vote
sudo allows you to run a program as a different user (including root) based on a configurable, predefined set of rules.
On a Unix/POSIX/Linux system root is god. The root user is also singular.
In many environments there are multiple admins who might require full root access, but there can be also be individuals who require access to do some specific function usually reserved for root; DBAs need to stop and start DB services, edit DB config fules, network administrators need to configure network devices and routes, security administrators need to manage certificates and configure firewalls.
By constraining what commands a person can run, sudo applies the principle of least privilege - users don't get access they don't need. But its not just constraining the binaries users run. Many admin tasks are carried out from the command line - and the paramters passed to that command can also be constrained by sudo (or captured in a shell script with access provided by sudo) hence it is possible to restrict the data / devices that these specialized admins can access.
Why can't you just give yourself permissions under your user name?
1) this would be bad.
I have often had access to the root account on systems - but I aways set up a named account to use for login, and only 'su' or 'sudo' when I want to explitily invoke my super powers. In addition to avoiding silly mistakes, my named account provides a sandbox for any misbehaving components.
what if there are 5 people who need the privileged access, do I grant it to each and every one? What about 20? what about 200?
2) this would be difficult
- it's not the Unix security model. Sure you could change the permissions on some executables (see earlier note about parameters). But if you're security conscious, you apply patches regularly - which can undermine a customized permissions model (sudo OTOH maintains its permissions independently of the commands themselves).
sudo allows you to run a program as a different user (including root) based on a configurable, predefined set of rules.
On a Unix/POSIX/Linux system root is god. The root user is also singular.
In many environments there are multiple admins who might require full root access, but there can be also be individuals who require access to do some specific function usually reserved for root; DBAs need to stop and start DB services, edit DB config fules, network administrators need to configure network devices and routes, security administrators need to manage certificates and configure firewalls.
By constraining what commands a person can run, sudo applies the principle of least privilege - users don't get access they don't need. But its not just constraining the binaries users run. Many admin tasks are carried out from the command line - and the paramters passed to that command can also be constrained by sudo (or captured in a shell script with access provided by sudo) hence it is possible to restrict the data / devices that these specialized admins can access.
Why can't you just give yourself permissions under your user name?
1) this would be bad.
I have often had access to the root account on systems - but I aways set up a named account to use for login, and only 'su' or 'sudo' when I want to explitily invoke my super powers. In addition to avoiding silly mistakes, my named account provides a sandbox for any misbehaving components.
what if there are 5 people who need the privileged access, do I grant it to each and every one? What about 20? what about 200?
2) this would be difficult
- it's not the Unix security model. Sure you could change the permissions on some executables (see earlier note about parameters). But if you're security conscious, you apply patches regularly - which can undermine a customized permissions model (sudo OTOH maintains its permissions independently of the commands themselves).
answered Oct 2 '17 at 15:01
symcbean
2,24911121
2,24911121
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
add a comment |Â
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
ahhh, this is why Linux is a bit more difficult to attack. Less people with rights. The attacker would have to find the right person with the right rights. per se.
â KnowledgeBeyondMe
Oct 2 '17 at 16:22
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f395548%2fwhat-does-sudo-mean-and-do%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
In windows, if you don't have admin rights, you need to provide name and password for an account that does as well. You can of course give yourself permission under your user name, it is just not smart to do so, as any program that your run can then modify anything you have permission for. That is one of the reasons why Windows has been unsafe for so long.
â Anthon
Oct 2 '17 at 3:08
@KnowledgeBeyondMe: What is it with the subject of the question? Please change it to something meaningful.
â harish.venkat
Oct 2 '17 at 3:33
ok, so let me see if I understand this. Instead of people having admin accounts everyone has the potential to be an admin by using the sudo username. However, by using that sudo user name your actions will be logged back to you because its kind like a hell off your actual username acct. If this is so, I really like that. It saves tons of time. You don't have to wait for someone with privies to come over to you to add software and printers and such.
â KnowledgeBeyondMe
Oct 2 '17 at 14:02