sudo

The sudo command was originally named for superuser do, which, as the name implies, gives you a chance to perform an action as the root superuser. The sudo command uses the /etc/sudoers file to determine if users are allowed to elevate to superuser permissions. Let's see how it works!

reader@ubuntu:~$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
reader@ubuntu:~$ ls -l /etc/sudoers
-r--r----- 1 root root 755 Jan 18  2018 /etc/sudoers
reader@ubuntu:~$ sudo cat /etc/sudoers
[sudo] password for reader: 
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
<SNIPPED>
# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo    ALL=(ALL:ALL) ALL
<SNIPPED>
reader@ubuntu:~$

We first try to look at the contents of /etc/sudoers as a normal user. When that gives us a Permission denied error, we look at the permissions on the file. From the -r--r----- 1 root root line, it becomes obvious that only the root user or members of the root group can read the file. To elevate to root privileges, we use the sudo command in front of the command we want to run, which is cat /etc/sudoers. For verification, Linux will always ask the user for their password. This password is then kept in memory for about 5 minutes by default, so you do not have to type your password every time if you've recently entered it.

After entering the password, the /etc/sudoers file is printed for us! It seems that sudo did indeed provide us with superuser permissions. How that works is also explained by the /etc/sudoers file. The # Allow members of group sudo to execute any command line is a comment (since it starts with a #; more on this later) and tells us that the line below gives all users of the sudo group permissions for any commands. On Ubuntu, the default created user is considered an administrator and is a member of this group. Use the id command to verify this:

reader@ubuntu:~$ id
uid=1000(reader) gid=1004(reader) groups=1004(reader),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd),1000(lpadmin),1001(sambashare),1002(debian-tor),1003(libvirtd)
reader@ubuntu:~$

The sudo command has another excellent use: switching to the root user! For this, use the --login flag, or its shorthand, -i:

reader@ubuntu:~$ sudo -i
[sudo] password for reader: 
root@ubuntu:~#

In the prompt, you will see that the username has changed from reader to root. Furthermore, the last character in your prompt is now a # instead of a $. This is also used to denote the current elevated permissions. You can exit this elevated position by using the built-in exit shell:

root@ubuntu:~# exit
logout
reader@ubuntu:~$

Remember, the root user is the superuser of the system that can do everything. And with everything, we really mean everything! Unlike other operating systems, if you tell Linux to delete the root file system and everything below it, it will happily oblige (right up until the point it has destroyed too much to work properly anymore). Do not expect an Are you sure? prompt either. Be very, very careful with sudo commands or anything in a root prompt.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.121.45