Lesson 10 | sudo |
Objective | Explain the use of the sudo command. |
Linux sudo Command
The sudo
command allows selected non-root users to execute restricted commands.
By using this command, access to the root account can be controlled. The user does not need access to the root
password when using the sudo
commad; the user can use his or her own password, and the access to the specified commands can be set to a limited amount of time.
Question: People in your office have been abusing the printer, so it has been determined that only select individuals will be able to print. Using your superuser ability, print the file named myfile.txt using lpr.
Answer:
[redhat@localhost redhat]sudo lpr myfile.txt
Explanation: The sudo command allows you to execute the "lpr" command, passing to lpr the filename "myfile.txt".
Installing and using sudo
The sudo
package is supplied with Red Hat Powertools and can be installed by simply typing:
rpm -Uvh sudo-*.rpm
Using the sudo
command, an ordinary user can use their own password to execute commands with superuser privileges:
sudo <command>
sudo Advantages
sudo
has the advantage that it allows you to grant extended power to sub-administrators without having to grant them full access to the entire system; you can also control exactly which users can execute which commands.
For ease of use, sudo
remembers for a short period of time that a user has entered his or her password, so the user can execute several commands by entering a password only once.
Disadvantages of sudo
Although sudo allows certain users the ease of executing root-only commands as a regular user, it does have
its disadvantages.
If sudo
is not configured very securely, it can be used to obtain full administrative access. By issuing the following command, sudo /bin/sh
, a user could start a root
shell. Also, if an attacker compromises a sudo
user's account, they may have a much easier time obtaining root
access.
The next lesson explains finding modified and sticky files.