Sudo
From FrugalWiki
i18n |
---|
English |
Français |
Contents |
Sudo
Sudo (superuser do) is a command in Unix, Linux and others operating systems. It permit to a system administrator to give the right to an user (or a group of users) to execute one or all the commands with root privileges, logging typed commands and arguments. It is currently maintained by Todd C. Miller, an OpenBSD devel.
sudo's configuration
Install the package sudo by
Still in root, edit the file sudoers :
We add, at the end of the file, the following line :
username ALL=(ALL) ALL
Don't forget to replace username by your login on the computer.
Then, save the file.
How to use sudo
The tool sudo is used in the commande line, in a terminal. It permits to execute, with root privileges, commands or applications in console mode. To launch graphical applications with root privileges, you should use the graphical equivalents (gksudo for GNOME, kdesu for KDE).
There is no password associated with the root account and root user doesn't need it.
sudo is used like this :
The asked password is the one associated to your user account. The command will be executed if the password is correct and the user is allowed to execute administration tasks. The password is memorized pour 15 minutes. After this duration, you'll have to type the password again. To close the sudo session before the 15 minutes, use this command :
If you have many commands to type, you can launch a terminal in the superuser mode.
Benefits
The benefits for disabling the root account by default include :
- The user must ask less questions. This is particularly important for the new user, who is perhaps unaware of the existence of the account system.
- Users don't have to remember another password, which the can easily forget. Some users who have activated the root account write the password on a piece of paper, to retrieve it if they forget it. This is a serious security problem because anyone who find the paper can take the root identity.
- It avoids the "I can do all on my computer" behavior. Before executing an administration action, the system asks you your password, which make you think about the consequences of your action.
- sudo keeps a trace of all commands executed (in the log /var/log/auth.log). If a problem appears, you can always check the log to find the command which has caused the problem.
- All the hackers who try to penetrate your system with a brute force program know that there is an account called root and they will try to hack this one first. The don't know the login of the other users of the computer.
- It permits a fast transfer of the administration rights, as for the long term than the short, with the simple adding or removing of an user in the administration group, the all without compromising the root account.
- sudo can be configured with a more fine policy.