Tuesday, December 23, 2008

sudo: Running a Command with root Privileges

Classically, a user gained root privileges by logging in as root or by giving an su (substitute user) command and providing the root password. When an ordinary user executed a privileged command in a graphical environment, the system would prompt for the root password. More recently, sudo (www.sudo.ws) has taken over from these classic techniques of gaining root privileges.

As installed, Ubuntu locks the root account by not providing a root password. This setup prevents anyone from logging into the root account (except when you bring the system up in recovery mode). There is, however, a root account (a user with the username root—look at the first line in /etc/passwd). This account/user owns files (give the command ls -l /bin) and runs processes (give the command ps -ef and look at the left column of the output). The root account is critical to the functioning of an Ubuntu system. The sudo utility enables you to run a command as though it had been run by a user logged in as root.

Ubuntu strongly encourages the use of sudo. In fact, as shipped, Ubuntu locks the root account (there is no password) so you cannot use the classic techniques. There are many advantages of using sudo over using the root account for system administration:

• When you run sudo, it requests your password—not the root password—so you have to remember only one password.

• The sudo utility logs all commands it executes. This log can be useful for retracing your steps if you make a mistake and for system auditing.

• The sudo utility allows implementation of a finer-grained security policy than does the use of su and the root account. Using sudo, you can enable specific users to execute specific commands—something you cannot do with the classic root account setup.

• Using sudo makes it harder for a malicious user to gain access to a system. When there is an unlocked root account, a malicious user knows the username of the account she wants to crack before she starts. When the root account is locked, the user has to determine the username and the password to break into a system.

Some users question whether sudo is less secure than su. Because both rely on passwords, they share the same strengths and weaknesses. If the password is compromised, the system is compromised. However, if the password of a user who is allowed by sudo to do one task is compromised, the entire system may not be at risk. Thus, if used properly, the finer granularity of sudo’s permissions structure can make it a more secure tool than su. Also, when sudo is used to invoke a single command, it is less likely that a user will be tempted to keep working with root privileges than if the user opens a root shell with su.
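The command log mentioned in the list of advantages can be reviewed with a short filter that also flags root shells and refused attempts. This is an added example, not from the original text: it assumes the syslog-style sudo entries that Ubuntu writes to /var/log/auth.log; the log lines, the host name and the user max are constructed, and the function names are hypothetical.

```shell
# Constructed sample of auth.log lines (host and users are placeholders).
sample_log() {
cat <<'EOF'
Dec 23 10:15:01 host1 sudo:      sam : TTY=pts/0 ; PWD=/home/sam ; USER=root ; COMMAND=/bin/ls /root
Dec 23 10:16:40 host1 sudo:      sam : TTY=pts/0 ; PWD=/home/sam ; USER=root ; COMMAND=/bin/bash
Dec 23 10:16:40 host1 sudo: pam_unix(sudo:session): session opened for user root by sam(uid=0)
Dec 23 10:20:12 host1 sudo:      max : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/max ; USER=root ; COMMAND=/usr/bin/apt-get update
Dec 23 10:21:30 host1 sudo:      sam : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/sam ; USER=root ; COMMAND=/usr/bin/visudo
Dec 23 10:22:00 host1 sshd[811]: Accepted password for sam from 192.0.2.10 port 50514 ssh2
EOF
}

# Reads log lines on stdin; prints STATUS<TAB>user<TAB>run-as<TAB>command.
# STATUS is OK, SHELL (an interactive root shell was started) or DENIED(reason).
sudo_audit() {
    awk '
    / sudo(\[[0-9]+\])?: / && /COMMAND=/ {
        rec = $0
        sub(/^.* sudo(\[[0-9]+\])?: +/, "", rec)   # strip the syslog prefix
        user = rec; sub(/ : .*$/, "", user)        # invoking user
        rest = substr(rec, length(user) + 4)       # text after "user : "
        cmd = substr(rest, index(rest, "COMMAND=") + 8)
        target = "?"
        if (match(rest, /USER=[^ ]+/))
            target = substr(rest, RSTART + 5, RLENGTH - 5)
        status = "OK"
        if (rest !~ /^TTY=/) {                     # refusal text precedes TTY=
            status = rest; sub(/ ; .*$/, "", status)
            status = "DENIED(" status ")"
        } else {
            prog = cmd; sub(/ .*$/, "", prog); sub(/^.*\//, "", prog)
            if (prog ~ /^(sh|bash|dash|zsh|ksh|csh|tcsh|su)$/) status = "SHELL"
        }
        printf "%s\t%s\t%s\t%s\n", status, user, target, cmd
    }'
}
```

Run it against a real log with `sudo_audit < /var/log/auth.log`; once a SHELL entry appears, the commands typed inside that root shell are not logged by sudo individually.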

Using sudo may not always be the best, most secure way to set up a system. On a system used by a single user, there is not much difference between using sudo and carefully using su and a root password. In contrast, on a system with several users, and especially on a network of systems with central administration, sudo can be set up to be more secure than su. If you are a dyed-in-the-wool UNIX/Linux user who cannot get comfortable with sudo, it is easy enough to give the root account a password and use su.

When you install Ubuntu, the first user you set up is included in the admin group. As installed, sudo is configured to allow members of the admin group to run with root privileges. Because there is no root password, initially the only way to perform privileged administrative tasks from the command line is for the first user to run them using sudo. Graphical programs call other programs, such as gksudo, which in turn call sudo for authentication.


Timestamp
By default, sudo asks for your password (not the root password) the first time you run it. At that time, sudo sets your timestamp. After you supply a password, sudo will not prompt you again for a password for 15 minutes, based on your timestamp.


sudo’s environment
The pwd builtin in the preceding example shows one aspect of the modified environment the -i option creates. This option spawns a root login shell (a shell with the same environment as a user logging in as root would have) and executes root’s startup files. Before issuing the sudo -i command, the pwd builtin shows /home/sam as Sam’s working directory; after the command it shows /root, root’s home directory, as the working directory. Use the -s option to spawn a root shell without modifying the environment. When you call sudo without an option, it runs the command you specify in an unmodified environment. To demonstrate, the following example has sudo run pwd without an option. The working directory of a command run in this manner does not change.


Redirecting output
The following command fails because, although the shell that sudo spawns executes ls with root privileges, the nonprivileged shell that the user is running redirects the output. The user’s shell does not have permission to write to /root. There are several ways around this problem. The easiest is to pass the whole command line to a shell running under sudo: The bash -c option spawns a shell that executes the string following the option and then terminates. The sudo utility runs the spawned shell with root privileges. You can quote the string to prevent the nonprivileged shell from interpreting special characters. You can also spawn a root shell with sudo -i, execute the command, and exit from the privileged shell.
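The failing redirect and the bash -c workaround described above, as an added example that is not from the original text. The file /root/ls.out and all function names are assumptions; the last function goes one step beyond the text by passing the target and command as arguments instead of pasting them into the quoted string.

```shell
# Added example; /root/ls.out and the function names are illustrative.

# Fails for an ordinary user: the calling shell opens /root/ls.out itself,
# without root privileges, before sudo is even started.
broken_redirect() {
    sudo ls /root > /root/ls.out
}

# Works: sudo starts bash as root, and that shell performs the redirection.
# Single quotes keep the calling shell from interpreting ">" or anything else.
root_shell_redirect() {
    sudo bash -c 'ls /root > /root/ls.out'
}

# General form: run_to_root_file TARGET COMMAND [ARG...]
# The target and the command reach the root shell as positional parameters,
# not as part of the -c string, so spaces or ";" in a file name are treated
# as data and are never parsed as shell code running with root privileges.
run_to_root_file() {
    target=$1
    shift
    sudo bash -c 'out=$1; shift; "$@" > "$out"' _ "$target" "$@"
}
```

For example, `run_to_root_file /root/ls.out ls /root` writes the listing as root without opening an interactive root shell.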


Options
You can use command line options to control how sudo runs a command. Following is the syntax of an sudo command line:

sudo [options] [command]

where options is one or more options and command is the command you want to execute. Without the -u option, sudo runs command with root privileges. Some of the more common options follow; see the sudo man page for a complete list.

-b (background) Runs command in the background.

-i (initial login environment) Spawns the shell that is specified for root (or another user specified by -u) in /etc/passwd, running root’s (or the other user’s) startup files, with some exceptions (e.g., TERM is not changed). Does not take a command.

-k (kill) Resets the timestamp of the user running the command, which means the user must enter a password the next time she runs sudo.

-L (list defaults) Lists the parameters that you can set on a Defaults line in the sudoers file. Does not take a command.

-l (list commands) Lists the commands the user who is running sudo is allowed to run on the local system. Does not take a command.

-s (shell) Spawns a new root (or another user specified by -u) shell as specified in the /etc/passwd file. Similar to -i but does not change the environment. Does not take a command.

-u user Runs command with the privileges of user. Without this option sudo runs command with root privileges.

Source of Information : McGraw Hill Osborne Media How to Do Everything Ubuntu
